Re: abusive changes of person handles (protect your maintainer!)
Hi Joao!
There are two issues here: - The use of very weak protection methods (NONE and MAIL-FROM) (see *).
wrt the "see *": I think they do have a point in principle. In reality (for many individuals, I suppose :-) it's still more staright-forward to fake a mail-from header than reverse-engineer a crypted password string in itself. However, given the fact that many operatinal environments these days require mail to be shipped multi-hop, the risk of disclosing the (clear text) password is greater than we might want to believe...
Would the community see this change in behaviour as a good thing?
Definitely! Wilfried.
I AGREE !!! ----- Original Message ----- From: Wilfried Woeber, UniVie/ACOnet <woeber@cc.univie.ac.at> To: <joao@ripe.net> Cc: <lir-wg@ripe.net>; <db-wg@ripe.net>; <woeber@cc.univie.ac.at> Sent: Friday, November 19, 1999 2:31 PM Subject: Re: abusive changes of person handles (protect your maintainer!)
Hi Joao!
There are two issues here: - The use of very weak protection methods (NONE and MAIL-FROM) (see *).
wrt the "see *": I think they do have a point in principle. In reality (for many individuals, I suppose :-) it's still more staright-forward to fake a mail-from header than reverse-engineer a crypted password string in itself.
However, given the fact that many operatinal environments these days require mail to be shipped multi-hop, the risk of disclosing the (clear text) password is greater than we might want to believe...
Would the community see this change in behaviour as a good thing?
Definitely!
Wilfried.
participants (2)
-
Cyrille Lefevre -
Wilfried Woeber, UniVie/ACOnet