 
Mon, 11 May 1992 23:08:12 EDT
|
On Fri, 8 May 1992 16:29:41 PDT John Riehl said:
>I have received complaints from listowners (as well as experiencing this
>myself) that users are attempting to subscribe to lists which are set
>to confidential=yes. Because of the nature of the lists, these are not
>lists about which anyone would know. Does confidential=yes mask
>everyone? It is politically important that NOONE even know about the
>lists.
I have at least two lists here at Temple which are confidential in that they
are not known to anyone who does not have an account here. Subscription
requests to these lists are redirected to each list's owner who then decides
whether or not to let the person sign up. Another option is to allow only
the list owner to initiate subscriptions and all subscription attempts by
individuals are rejected without any notice going to the owner. This is
described in the LISTKEYW MEMO which is widely available.
As far as security goes, this is as good as it gets. Putting your sensitive
information on a network, be it through a Listserv list or other medium,
involves some security risk. You cannot have easy access and high security.
The two are mutually exclusive. In my humble opinion, security at the level
you imply isn't worth spending that much time on since anyone who is on your
sensitive list can give to his or her account to anyone they want and thus
others can get to your list fairly easily. Subscribers who you presumably
trust can also forward mail from such a list to others who you may not
trust. There is nothing you can do about this aside from taking punitive
action against those individuals who share your confidential information. Of
course, you have to catch them first. Minimal security is the nature of
Listserv and of the entire Internet and Bitnet networks where information
sharing is the intension, not information hiding. Oops! Sorry for going on
so long.
Stan Horwitz
Listserv Postmaster
Temple University
Acknowledge to: OASIS@TEMPLEVM (or VM.TEMPLE.EDU)
|
|
|
