Great Circle Associates Majordomo-Workers
(November 1995)
 


Subject: Re: FYI
From: phollins @ hawww . ha . osd . mil
Date: Tue, 28 Nov 1995 08:26:36 -0500
To: kamath @ pogo . WV . TEK . COM
Cc: majordomo-workers @ greatcircle . com

> 
> [In a message on Sun, 26 Nov 1995 14:46:09 PST,
> 	"George Herbert" wrote:]
> >
> >This off the net (news.admin.net-abuse.misc); sounds like a feature which
> >would be very very useful to add to Majordomo.
> >....
> >4.  The sender receives this letter, and confirms the request by mailing
> >the new email with the token random number back to the listserver.  The
> >listserver looks for the token random number in the message body, and if
> >present, processes the request(s), then wipes the request entry from the
> >request file.
> >
> >
> >This strikes me as a sensible, simple solution that is fairly robust and
> >difficult to defeat.  I wonder why this system has not been implemented
> >on listservers, since mailbombing is a routine occurrence which consumes
> >a lot of time, both of the victim and of the system admin.
> 
> So what you're suggesting is, for every list I wish to subscribe to, I
> have to ask twice.
> 
> If only there were a better key distribution system in place for PGP
> keys.  Then I could attach a digital signature to my request, and be
> done with it.  Perhaps it's not such a stupid idea, however, to use
> digital signature.  If each majordomo host allows one to "register" a
> key (perhaps via some arcane syntax, or like the above, with a
> verification mail:  Imagine.  I say "here is my public key", majordomo
> responds with "sign this and mail it back".  You sign it, and mail it
> back.  What you send back is a verification tag, and if it passes
> signature, it assumes the first person it heard from, and the second, is
> the same.).  Then all lists that host controls can use your signatures.
> 
> I promise, I'll implement it just as SOON as I possibly CAN :-)
> 
> My $0.02 anyway.
> 
> Sean
> 

Even if you force people to keep a correct (and current) email address
in the User ID portion of the PGP key, (which is too restrictive as humans
are lazy by design), a spamaziod could make some junk PGP key with your
email address, add it to a keyserver, then make the subscribe request.  Might
also make it impossible for the spam victim to get off the list!

If you want a Majordomo list server that uses PGP to provide encrypted
administration and encrypted distribution, feel free to grab my code:

	ftp://hawww.ha.osd.mil/pgpdomo/pgpdomo.tar.Z

Should be a good start for any PGP code enhancements to Majordomo.

Patrick
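
The token confirmation described in the quoted step 4, as an added example that is not part of the original message and is not Majordomo or pgpdomo code. The steps before step 4 are elided in the quote, so the request half, the class and function names, the 48-hour expiry and the sample address are assumptions.

```python
# Hypothetical list server illustrating token confirmation (added example).
import re
import secrets
import time

TOKEN_TTL = 48 * 3600  # assumption: the quoted scheme states no expiry
TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")

class ConfirmingListServer:
    def __init__(self, clock=time.time):
        self.pending = {}      # token -> (address, list, command, expiry)
        self.subscribers = {}  # list -> set of confirmed addresses
        self.clock = clock

    def request(self, claimed_from, command, list_name):
        """Assumed earlier steps: hold the request, mail a token to the From address."""
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self.pending[token] = (claimed_from.lower(), list_name, command,
                               self.clock() + TOKEN_TTL)
        return claimed_from, f"To confirm, reply with this line:\n{token}\n"

    def confirm(self, body):
        """Step 4: look for tokens in the reply body, process the matching
        requests, then wipe them from the request file."""
        now = self.clock()
        self.pending = {t: e for t, e in self.pending.items() if e[3] > now}
        processed = []
        for token in TOKEN_RE.findall(body):
            entry = self.pending.pop(token, None)  # pop makes it single-use
            if entry is None:
                continue  # unknown, expired, or already used
            address, list_name, command, _ = entry
            members = self.subscribers.setdefault(list_name, set())
            if command == "subscribe":
                members.add(address)
            elif command == "unsubscribe":
                members.discard(address)
            processed.append((command, list_name, address))
        return processed

def demo():
    server = ConfirmingListServer()
    # Constructed sample: a request whose From header names victim@example.org.
    _, mail = server.request("victim@example.org", "subscribe", "test-list")
    before = "victim@example.org" in server.subscribers.get("test-list", set())
    server.confirm("> " + mail)  # the mailbox owner quotes the token back
    after = "victim@example.org" in server.subscribers["test-list"]
    return before, after
```

The request alone changes no membership; only a reply carrying the token, which was mailed to the claimed address, does.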
