LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Paul Robinson <[log in to unmask]>
Tue, 1 Feb 1994 12:36:59 -0500
Sequence-Code 1103 0997
From: Paul Robinson <[log in to unmask]>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
On Thu Jan 06, 1994  6:51 pm  EST, "A. M. Mughal" <[log in to unmask]>,
was heard belching out the following:
 
> In article <[log in to unmask]>,
> Eric Thomas  <[log in to unmask]> wrote:
>
> >There is nothing LISTSERV can do to prevent people from sending
> >mail "from" the editor's address. SMTP just wasn't designed with
> >authentication in mind.
> >
> >  Eric
>
> Thanks, would it be possible to include authentication feature
> in the next releases of LISTSERV? It will be very much
> appreciated.
 
In the immortal words of Colossal Caves adventure, "I'm game, would you
like to tell me how?"
 
Authentication is one of the hot topics on the Internet.  In order to have
authentication, you need one of two things: a key system (public such as
PGP or Private such as Kerberos) or a password or passcode-based system.
For listserv, the alternative would be - if you want a private list so
only the owner can post to it - is to require a password on all messages
sent out.  If the owner is logged in locally to that site, or the
intervening sites are not likely to monitor your mail, that is probably
adequate for most lists.
 
The problem with authentication means you have problems.  Code with
encryption may be illegal in some countries.  Exporting may be illegal in
some countries or require special permits.
 
Here is a simple suggestion to Eric on how to allow people a
not-too-complicated method of securing their lists:
 
A simpler method would be to use a "sequence code".  Each message posted
has a sequence code on it, and must also have the sequence code of the
PREVIOUS message.  The sequence code is stripped out of the outgoing
message before it is transmitted so someone reading the list never sees
it.  If a message doesn't have the old code, it is bounced back to the
owner.  If a message doesn't have a new code, it is also bounced.  The
sequence code can be, say, a 4-digit number similar to the TICK field on
SMTP mail transmissions, and need not be sequential; it is simply a check
on making sure messages are authenticated.  An example appears as the
first line of the text of this message.  Using something like this then
means the user doesn't have to have access to the headers of the message,
which on some systems he cannot create or change message headers.
 
In the Listserv database a field in addition to password would be the last
sequence code number.  When a list is created (or changed to requiring
sequence codes) the list maintainer enters the new code there.  Or resets
the code to something else if the list owner changes.   Make a requirement
that sequence code of 0000 may not be used, and indicates that there is no
sequence code required.  Messages may not set the sequence code to 0000.
 
---
Paul Robinson - [log in to unmask]
Voted "Largest Polluter of the (IETF) list" by Randy Bush <[log in to unmask]>
-----
The following Automatic Fortune Cookie was selected only for this message:
 
"It's not Camelot, but it's not Cleveland, either."
                -- Kevin White, mayor of Boston
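
The sequence-code check proposed in the message above, sketched as an added example (not part of the original post and not LISTSERV code). The `SequencedList` class, the field order on the `Sequence-Code` line (new code first, previous code second) and the bounce reasons are assumptions.

```python
import hmac
import re

# Assumed layout, modelled on the message's own first line:
# "Sequence-Code <new> <previous>" (the field order is an assumption).
SEQ_LINE = re.compile(r"^Sequence-Code ([0-9]{4}) ([0-9]{4})\s*$")
DISABLED = "0000"  # per the post: 0000 means no sequence code is required


class SequencedList:
    """Hypothetical per-list state: the last accepted sequence code."""

    def __init__(self, last_code=DISABLED):
        self.last_code = last_code

    def process(self, body):
        """Return ("distribute", text) or ("bounce", reason) for one posting."""
        if self.last_code == DISABLED:
            return ("distribute", body)  # list does not use sequence codes
        first, _, rest = body.partition("\n")
        match = SEQ_LINE.match(first)
        if match is None:
            return ("bounce", "missing or malformed Sequence-Code line")
        new_code, old_code = match.groups()
        if new_code == DISABLED:
            return ("bounce", "new code 0000 is not allowed")
        # Constant-time comparison of the claimed previous code.
        if not hmac.compare_digest(old_code, self.last_code):
            return ("bounce", "previous sequence code does not match")
        self.last_code = new_code  # state advances only on acceptance
        return ("distribute", rest)  # code line stripped before distribution


if __name__ == "__main__":
    lst = SequencedList(last_code="0997")  # constructed sample state
    posting = "Sequence-Code 1103 0997\nHello list\n"  # constructed sample
    print(lst.process(posting))  # accepted, code line stripped
    print(lst.process(posting))  # same posting again: previous code is stale
```

Because the stored code advances on every accepted posting, a copy of an earlier posting is bounced: its "previous" code no longer matches the list's state.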
