The passwords are only sent once in a session, while the remainder of the session uses tickets (like Kerberos). I think you could protect the initial login by modifying the action tag in the login template so it doesn't use the &+SCRIPT macro to evaluate the WA url, but uses an URL with https in it.
>>> Kevin Williams <[log in to unmask]> 3/16/2000 2:02:28 PM >>>
Has anyone had any experience using Secure Socket Layers for the Web
interface to LISTSERV or Transport Layer Security with e-mail commands?
Some of our security people have expressed concern about the use of
clear-text passwords in managing LISTSERV.
--
Kevin Williams
Fermilab PC Support Group