Great Circle Associates Majordomo-Workers
(September 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: idea for validating listadmins....
From: Yary Hluchan <yhluchan @ ops . raynet . com>
Date: Mon, 18 Sep 1995 14:13:08 -0700
To: majordomo-workers @ greatcircle . com
In-reply-to: <199509180759.JAA08513@tandem.uni-trier.de>

On Mon, 18 Sep 1995 09:59:49 +0200 Jan Wender writ:
] >downloaded majordomo and is thinking about installing it on. Anyway, I'm
] >reading the description on how the lists can be administered via mail, which
] >is great, but validation is done via passwords sent in the clear, which 
doesn'
] >t
] >sound so great... how about an option that would do away with passwords, and
] >have majordomo check the listadmins pgp sig? Admin could send command in the
] >clear signed with his/her private key, majordomo checks against public key
] >and viola, forgery becomes much more difficult, no passwords required.
] Nope, you dont gain anything by that. With passwords, I need to intercept
] one message from tha Admin to get it. With the PGP-sigs I also only need to
] intercept one message and copy the sig from it. Same thing.

No, since the sig changes as the messages do, someone intercepting the pgp 
signed message could at best send the same command over and over... as opposed 
to someone capturing a password and then being able to send any command at 
all. Seems like a win to me.

-yary

Indexed By Date Previous: idea for validating listadmins....
From: Yary Hluchan <yary@apicom.com>
Next: race condition? (was: Re: Majordomo subscription problem)
From: rj@rainbow.in-berlin.de (Robert Joop)
Indexed By Thread Previous: idea for validating listadmins....
From: Yary Hluchan <yary@apicom.com>
Next: race condition? (was: Re: Majordomo subscription problem)
From: rj@rainbow.in-berlin.de (Robert Joop)

Google
 
Search Internet Search www.greatcircle.com