On Thu, 8 Jun 2006, Ian Eiloart wrote: > --On 8 June 2006 12:39:22 +0100 David Lee <[EMAIL PROTECTED]> wrote: > > > The incoming email > > would carry a header (of first line in body) of something like: > > Authorised: sender-pw > > > > where "sender-pw" is associated with the (claimed) From-address. This is > > different from, but complementary to, "Approved: list-pw". > > That's neither approval nor authorisation, it's authentication - proving > that the person who used the email address also knew the password > associated with it. [...]
Thanks, Ian. I agree with that technical view. That suggests that the header (of first line of body) would need to be something like: Authenticated: sender-pw To the average non-techie managerial type, what terminology (Authorised? Authenticated? etc.) is preferable? > [...] It's far better to insist on authenticated SMTP for ALL > message submission. That would, indeed, probably be the ideal. But that would itself mean that all paths by which the Mailman machine might be reached would have to be known to have an enforced mechanism for authenticated SMTP. (And what about (say) "cron" jobs generating email which might legitimately go through lists?) An insitution's (university's) "smtphost" service might naturally restrict access to its own users and thus the authentication could use, say, its central NIS/AD/LDAP-like user-base. But its Mailman service might extend considerably beyond those bounds to include collaboration with other places, for which a much wider user-base would be needed. (Suppose, for instance, that this very "mailman-developers" list were hosted at your own university?) Even if those problems could be overcome, one would still need to ensure that Mailman can know for certain that authenticated SMTP had been used. Which takes us off to another branch (about Mailan API, milters, etc.) of this fragmenting discussion!... > > > > > Given that I'm just about to start on implementing this, it would be nice > > to establish whether this sender-related word "Authorised" is the > > appropriate word, or if there is something better. > > > > I've had a look through that thread, and I'm not sure what you're trying to > achieve. Generally, there are two aspects to deciding whether someone can > post to a list: "authorisation" and "authentication". > > Passwords are usually used for both, but it's far better to separate the > functions. Knowledge of a personal password serves to authenticate you, but > not to authorise you. Knowledge of a shared password is sometimes used for > authorisation, but can't be used for authentication. Even for > authorisation, passwords are extremely weak. Agreed. That earlier thread was simply setting the ball rolling. The problem that precipitated that thread was an incident in which two emails went through our majordomo lists to the whole university (20,000 accounts), because those emails spoofed the "From" to match an entry in the "posters" file of those lists. So we are looking towards protecting these potentially massive distributions with a "From+verification" concept. (Hence our looking at Mailman, which looks much closer than majordomo to being able to offer that, especially as it is being actively developed.) Thanks again. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp