--On 8 June 2006 12:39:22 +0100 David Lee <[EMAIL PROTECTED]> wrote:
> The incoming email
> would carry a header (of first line in body) of something like:
>
>    Authorised: sender-pw
>
> where "sender-pw" is associated with the (claimed) From-address. This is
> different from, but complementary to, "Approved: list-pw".

That's neither approval nor authorisation, it's authentication - proving that the person who used the email address also knew the password associated with it. It's far better to insist on authenticated SMTP for ALL message submission.

>
> Given that I'm just about to start on implementing this, it would be nice
> to establish whether this sender-related word "Authorised" is the
> appropriate word, or if there is something better.
>

I've had a look through that thread, and I'm not sure what you're trying to achieve.

Generally, there are two aspects to deciding whether someone can post to a list: "authorisation" and "authentication". Passwords are usually used for both, but it's far better to separate the functions.

Knowledge of a personal password serves to authenticate you, but not to authorise you. Knowledge of a shared password is sometimes used for authorisation, but can't be used for authentication. Even for authorisation, passwords are extremely weak.

--
Ian Eiloart
IT Services, University of Sussex
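The distinction drawn in the message above, as an added example that is not part of the original thread and is not Mailman code: a posting decision that treats the per-sender `Authorised:` password as authentication only and keeps authorisation as a separate check. The password tables, the `ALLOWED_POSTERS` policy and the function names are constructed assumptions, and only the header form of the credential is handled.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; the names and values are assumptions.
SENDER_PW = {"alice@example.org": "alice-pw", "bob@example.org": "bob-pw"}
LIST_PW = "list-pw"                       # shared password, as in "Approved: list-pw"
ALLOWED_POSTERS = {"alice@example.org"}   # the list's posting policy


def _same(given, expected):
    """Constant-time comparison; False if either value is missing."""
    if not given or not expected:
        return False
    return hmac.compare_digest(given.encode(), expected.encode())


def decide(raw):
    """Return (authenticated_as, authorised, message_without_credentials)."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    sender_pw, list_pw = msg.get("Authorised"), msg.get("Approved")
    # Credentials must never be redistributed to the list.
    del msg["Authorised"]
    del msg["Approved"]
    # Authentication: a personal password shows who is sending.
    who = claimed if _same(sender_pw, SENDER_PW.get(claimed)) else None
    # Authorisation: policy on that identity, or possession of the shared
    # password, which grants posting rights but identifies nobody.
    authorised = who in ALLOWED_POSTERS or _same(list_pw, LIST_PW)
    return who, authorised, msg


def sample(sender, extra_header=""):
    """Build a constructed test message."""
    return f"From: {sender}\n{extra_header}Subject: hi\n\nbody\n"


if __name__ == "__main__":
    for s, h in [("alice@example.org", "Authorised: alice-pw\n"),
                 ("bob@example.org", "Authorised: bob-pw\n"),
                 ("bob@example.org", "Approved: list-pw\n"),
                 ("alice@example.org", "Authorised: guess\n")]:
        print(s, h.strip(), decide(sample(s, h))[:2])
```

The second and third sample messages are the two cases the reply separates: a sender who is authenticated but not authorised, and a message that is authorised by the shared password while its sender remains unauthenticated.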