Nathan said: > But it doesn't make sense for one person to be able to send the OK for > a message that was originally meant for someone else to OK. That defeats > the purpose, Roger. Remember that the OK "magic cookie" mechanism isn't > just used to approve postings that get bounced to the editor on > Send= Editor,Hold. It's used for a lot of other things as well that > you would NOT want just anyone sending an OK for. To change that > would be a major mistake. The OK mechanism is specifically aimed at > making sure that person A who sent the command is <really> person A, > and not person B who is spoofing commands. That's why it's actually > more secure than a password. The reason the magic cookie is more secure than a password is that it is *much* harder to intercept mail than it is to spoof mail addresses. If you send a magic cookie to A, and then someone shows up with the magic cookie, you can be pretty sure that it is A (or someone with access to A's account), even if it comes with a return address from some other account. Requiring that the cookie come from A's address adds little to the security. If someone can spoof A's address to send the command, then they can spoof it again to send the cookie back--provided they can get the cookie. > I'll document it--it's a good point--but it sure seems pretty obvious > to me. In a discussion of the OK mechanism (which I do need to write) > it would be quite clear that person B can't OK person A's editorial > submissions. When you are confirming commands that A (apparently) sent, there is little reason to accept the cookie back from any other address. But in the case of message approval, A never sent a command. C sent a message to the list. C cannot confirm it-- that is the whole point of a moderated list. But the concept of having multiple editors for a list seems to me to imply strongly that *any* editor should be able to approve the message. Note that this is not saying that there should be no address check on the cookie message. In order to fake message approval, someone would have to have the cookie *and* to forge the address of an editor. Peace, Dan << Daniel D. Wheeler Internet: [log in to unmask] >> << University of Cincinnati Bitnet: wheeler@ucbeh >>