On Fri, Dec 07, 2001 at 11:23:02PM -0500, Peter W wrote:
> Right. That's what I'm suggesting, that maybe such a cookie plan should be
> implemented. I like my idea of the cookie being a hash of both the
> recipient address and something like a time value, so that "replay"
> attacks are less feasible. You shouldn't be able to pick up a disk drive
> that Barry W discarded a year earlier and get a cookie that still lets you
> unsubscribe him from this list. :-)
Throw in a saved secret per list or per test message, too. The recipient
address is known, and time values can probably be guessed if you have a
known config and the attacker is generating the "bounces". The attacker
could probably brute force the right address within 300 messages (5 minute
timespan).

> > If you get a bounce to the address that has the
> > proper hash, then you can pretty safely disable them (unless their
> > postmaster is out to get them. But you can't save them from that).
>
> Or if someone gets to their saved messages, right.
>
> > If you
> > don't get the message bounced back then that email address isn't really (or
> > at least always) bouncing.
>
> Exactly. Sounds like we're in basic agreement about the potential value of
> a cookie-laden envelope?

It makes my life easier when I use ezmlm. I think it would be a good
addition to mailman.

--
The 5 year plan: In five years we'll make up another plan. Or just re-use this one.

_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
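The scheme discussed in this exchange, written out as an added example that is not code from the thread, from ezmlm, or from Mailman: the probe cookie is a keyed MAC over the recipient address and the issue time, so that a verifier can reject a cookie that is stale (the replay case Peter W raises) and a cookie computed by someone who knows the address and can guess the time but does not hold the list's saved secret (the forgery case raised in the reply). The secret, the `LIST_SECRET`/`make_cookie`/`verify_cookie`/`bounce_sender` names, the `<issued_at>.<tag>` cookie layout and the `list-bounces+<cookie>@domain` envelope-sender layout are all assumptions made for this example, not anything the thread or Mailman specifies.

```python
"""Bounce-probe cookie bound to a per-list secret (constructed example)."""
import hashlib
import hmac

# Constructed values for the demo; a real list keeps its own secret in its config.
LIST_SECRET = b"constructed-per-list-secret-not-a-real-key"
WINDOW_SECONDS = 5 * 60   # assumed validity window for a probe cookie
MAC_HEX_LEN = 20          # 80-bit truncated tag keeps the envelope address short


def _message(recipient: str, issued_at: int) -> bytes:
    # NUL separator so "a@b" + "12" cannot collide with "a@b1" + "2".
    # Address canonicalisation (case folding etc.) is a policy choice left out here.
    return recipient.encode("utf-8") + b"\0" + str(issued_at).encode("ascii")


def make_cookie(secret: bytes, recipient: str, issued_at: int) -> str:
    """Return '<issued_at>.<tag>' with tag = HMAC-SHA256(secret, recipient || issued_at).

    Keying the hash means knowing the address and the clock is not enough to
    recompute the cookie; binding the address means a cookie captured for one
    subscriber cannot be replayed to unsubscribe another.
    """
    tag = hmac.new(secret, _message(recipient, issued_at), hashlib.sha256).hexdigest()
    return f"{issued_at}.{tag[:MAC_HEX_LEN]}"


def verify_cookie(secret: bytes, recipient: str, cookie: str, now: int,
                  max_age: int = WINDOW_SECONDS) -> bool:
    """Accept only a well-formed, in-window cookie whose tag matches the recipient."""
    issued_str, sep, _tag = cookie.partition(".")
    if not sep or not issued_str.isdigit():
        return False
    issued_at = int(issued_str)
    if issued_at > now or now - issued_at > max_age:
        return False  # future-dated or older than the window: treat as replay
    expected = make_cookie(secret, recipient, issued_at)
    # Constant-time compare so the tag cannot be recovered byte by byte.
    return hmac.compare_digest(expected.encode("ascii"), cookie.encode("ascii"))


def unkeyed_cookie(recipient: str, issued_at: int) -> str:
    """The weaker form from the thread: a plain hash of address + time.

    Anyone who knows the address and can guess the time value can compute this,
    which is why the verifier above only accepts the keyed form.
    """
    return f"{issued_at}.{hashlib.sha256(_message(recipient, issued_at)).hexdigest()[:MAC_HEX_LEN]}"


def bounce_sender(list_name: str, domain: str, cookie: str) -> str:
    """Envelope sender carrying the cookie, assumed layout list-bounces+<cookie>@domain."""
    return f"{list_name}-bounces+{cookie}@{domain}"


def cookie_from_bounce_sender(address: str):
    """Recover the cookie from a bounce aimed at the envelope sender, or None."""
    local, _, _ = address.partition("@")
    _, sep, cookie = local.partition("+")
    return cookie if sep else None


if __name__ == "__main__":
    t0 = 1_000_000_000  # constructed issue time
    addr = "subscriber@example.invalid"
    c = make_cookie(LIST_SECRET, addr, t0)
    print(bounce_sender("mylist", "lists.example.invalid", c))
    print("fresh:", verify_cookie(LIST_SECRET, addr, c, t0 + 60))
    print("stale:", verify_cookie(LIST_SECRET, addr, c, t0 + WINDOW_SECONDS + 1))
    print("unkeyed forgery:", verify_cookie(LIST_SECRET, addr, unkeyed_cookie(addr, t0), t0 + 60))
```

Two design points worth noting: the window check only limits how long a captured cookie stays useful, it does not stop someone who already holds a valid one from using it inside the window, which is what the per-list secret is for; and the tag is truncated, so the length chosen trades envelope-address size against brute-force margin.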