On Tue, 1 Oct 2013 10:28:48 -0400 Greg <g...@kinostudios.com> wrote: > So, my password, iPoopInYourHat, is being sent to me in the clear by > your servers.
Two things to keep in mind: 1. The damage one can do to you with knowledge of this password is beyond minimal. You might have your list subscriptions changed; so what? 2. The password is sent just in case you forgot it and want to unsubscribe. Without the password, any troll might unsubscribe you from the list by simply forging headers. Were this to be encrypted, you would wind up with the classic problem of lost private keys, leaving people who forgot their password unable to unsubscribe (at least in any automated fashion). -- Ben -- Benjamin R Kreuter UVA Computer Science brk...@virginia.edu KK4FJZ -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
signature.asc
Description: PGP signature
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
