On Thu, 21 Nov 2002, Marilyn Davis wrote: > > I'd like to see a different mechanism - when you want to change your account > > info, Mailman would email you a URL containing a short-lived session key > > that you could use to get to your account page. No passwords. > > Or, mailman can require a confirmation message, like it does for > subscriptions. > > It would be good if a group could turn on encryption to encrypt the > messages and keep them off the web. I suppose that's a big project.
It's actually very easy to do. I created a proof-of-concept earlier this year by encrypting all traffic to/from my mailman lists with IBE (Identity Based Encryption). Worked out pretty well. I think the suggestion about a URL being mailed is far better (again a sniffer could get the url and reset the password before the user), but at least the password isn't readable... Donal DCU _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers
