>                                                               Since these
> passwords are sent by clear-text e-mail  you're just not going to be able
> to prevent administrators  from finding out what they are.  Maybe one day
> PEM will become widely available and the whole authentication scheme will
> change,  but with  plain text  passwords sent  over a  medium that  often
> bounces stuff  to the  postmaster (the postmaster  being usually  a bored
> student who  figured this paid more  than 7/11), you just  have to accept
> that  security is  limited.  This is  why there  are  options to  disable
> password  usage   and  force   the  use   of  the   "confirm"  mechanism.

I'm not holding my breath waiting for PEM to become popular, but there
are two digital signature systems for email that it would be useful for
LISTSERV to support as alternatives to clear text passwords and the
fairly secure, but irritating and awkward, confirmation mechanism.  One
is PGP and the other is S/MIME.  A number of vendors are coming out
with implementations of S/MIME.  Also, PGP will soon support automatic
querying of keyservers.

Speaking of the confirmation mechanism, it would be nice if, when
LISTSERV reached a command requiring confirmation, it simply held the
rest of the command stream until the confirmation is completed.  Then
it could execute the rest of the commands knowing that the confirmation
was completed, without asking again.  1.8d's OK BEGIN will be a step in
the right direction, but it still requires the user to rememeber to do
something extra.