Sequence-Code 1103 0997 From: Paul Robinson <[log in to unmask]> Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- On Thu Jan 06, 1994 6:51 pm EST, "A. M. Mughal" <[log in to unmask]>, was heard belching out the following: > In article <[log in to unmask]>, > Eric Thomas <[log in to unmask]> wrote: > > >There is nothing LISTSERV can do to prevent people from sending > >mail "from" the editor's address. SMTP just wasn't > >designed with authentication in mind. > > > > Eric > > Thanks, would it be possible to include authentication feature > in the next releases of LISTSERV? It is will very much > appreciated. In the immortal words of Collosal Caves adventure, "I'm game, would you like to tell me how?" Authentication is one of the hot topics on the Internet. In order to have authentication, you need one of two things: a key system (public such as PGP or Private such as Kerberos) or a password or passcode-based system. For listserv, the alternative would be - if you want a private list so only the owner can post to it - is to require a password on all messages sent out. If the owner is logged in locally to that site, or the intervening sites are not likely to monitor your mail, that is probably adequate for most lists. The problem with authentication means you have problems. Code with encryption may be illegal in some countries. Exporting may be illegal in some countries or require special permits. Here is a simple suggestion to Eric on how to allow people a not-too-complicated method of securing their lists: A simpler method would be to use a "sequence code". Each message posted has a sequence code on it, and must also have the sequence code of the PREVIOUS message. The sequence code is stripped out of the outgoing message before it is transmitted so someone reading the list never sees it. If a message doesn't have the old code, it is bounced back to the owner. If a message doesn't have a new code, it is also bounced. The sequence code can be, say, a 4-digit number similar to the TICK field on SMTP mail transmissions, and need not be sequential; it is simply a check on making sure messages are authenticated. An example appears as the first line of the text of this message. Using something like this then means the user doesn't have to have access to the headers of the message, which on some systems he cannot create or change message headers. In the Listserv database a field in addition to password would be the last sequence code number. When a list is created (or changed to requiring sequence codes) the list maintaner enters the new code there. Or resets the code to something else if the list owner changes. Make a requirement that sequence code of 0000 may not be used, and indicates that there is no sequence code required. Messages may not set the sequence code to 0000. --- Paul Robinson - [log in to unmask] Voted "Largest Polluter of the (IETF) list" by Randy Bush <[log in to unmask]> ----- The following Automatic Fortune Cookie was selected only for this message: "It's not Camelot, but it's not Cleveland, either." -- Kevin White, mayor of Boston