LSTOWN-L Archives

LISTSERV List Owners' Forum

Dan Wheeler <[log in to unmask]>
Sun, 23 Jul 1995 23:11:23 -0500
Nathan said:
 
> But it doesn't make sense for one person to be able to send the OK for
> a message that was originally meant for someone else to OK.  That defeats
> the purpose, Roger.  Remember that the OK "magic cookie" mechanism isn't
> just used to approve postings that get bounced to the editor on
> Send= Editor,Hold.  It's used for a lot of other things as well that
> you would NOT want just anyone sending an OK for.  To change that
> would be a major mistake.  The OK mechanism is specifically aimed at
> making sure that person A who sent the command is <really> person A,
> and not person B who is spoofing commands.  That's why it's actually
> more secure than a password.
 
The reason the magic cookie is more secure than a password is
that it is *much* harder to intercept mail than it is to spoof
mail addresses.  If you send a magic cookie to A, and then
someone shows up with the magic cookie, you can be pretty sure
that it is A (or someone with access to A's account), even if it
comes with a return address from some other account.  Requiring
that the cookie come from A's address adds little to the
security.  If someone can spoof A's address to send the command,
then they can spoof it again to send the cookie back--provided
they can get the cookie.
 
> I'll document it--it's a good point--but it sure seems pretty obvious
> to me.  In a discussion of the OK mechanism (which I do need to write)
> it would be quite clear that person B can't OK person A's editorial
> submissions.
 
When you are confirming commands that A (apparently) sent, there
is little reason to accept the cookie back from any other
address.  But in the case of message approval, A never sent a
command.  C sent a message to the list.  C cannot confirm it--
that is the whole point of a moderated list.  But the concept of
having multiple editors for a list seems to me to imply strongly
that *any* editor should be able to approve the message.
 
Note that this is not saying that there should be no address
check on the cookie message.  In order to fake message approval,
someone would have to have the cookie *and* to forge the address
of an editor.
 
                          Peace,  Dan
 
<<  Daniel D. Wheeler          Internet:  [log in to unmask]  >>
<<  University of Cincinnati     Bitnet:  wheeler@ucbeh       >>
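
The policy argued for in the message above, as an added Python sketch that is not from the post and is not LISTSERV's code: a cookie confirming a command is accepted only from the address the command appeared to come from, while a cookie approving a held posting is accepted from any editor. The class and method names, the addresses, the cookie format and the lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

COOKIE_TTL = 7 * 24 * 3600  # assumed lifetime in seconds; the post gives none


class PendingQueue:
    """Hypothetical model of cookie-confirmed requests on a moderated list."""

    def __init__(self, editors):
        self.editors = {e.lower() for e in editors}
        self._pending = {}  # cookie -> (kind, allowed addresses, expiry)

    def hold_command(self, sender, now=None):
        # Command confirmation: only the apparent sender may return the cookie.
        return self._issue("command", {sender.lower()}, now)

    def hold_posting(self, now=None):
        # Message approval: the poster never confirms; any editor may.
        return self._issue("posting", set(self.editors), now)

    def _issue(self, kind, allowed, now):
        now = time.time() if now is None else now
        cookie = secrets.token_hex(16)  # unguessable; mailed to the allowed address(es)
        self._pending[cookie] = (kind, allowed, now + COOKIE_TTL)
        return cookie

    def ok(self, cookie, from_addr, now=None):
        now = time.time() if now is None else now
        match = None
        for known in self._pending:
            if hmac.compare_digest(known.encode(), cookie.encode()):
                match = known
        if match is None:
            return "unknown cookie"
        kind, allowed, expires = self._pending[match]
        if now > expires:
            del self._pending[match]
            return "expired"
        # From: is unauthenticated, so this check is only the second factor:
        # a forger still needs the cookie, which went to a real mailbox.
        if from_addr.lower() not in allowed:
            return "address not allowed"
        del self._pending[match]  # one-time use
        return "confirmed " + kind
```
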
