On Tuesday, Oct 28, 2003, at 09:32 Europe/Rome, Danny Angus wrote:
Stefan wrote:
So, adding SSL relay wouldn't hurt, but wouldn't help much either since
we can't force moderators to have a mail server that accepts that kind
of relay (don't even know if mine does!)
I think what should happen to ensure this level of integrity would be that
moderators should connect to an account on the James instance managing the
doco mail, in which case it means your client has to support ssl.
hmmm, this means that we have to create james accounts for all moderators, then force them to connect thru POP3 over SSL?
don't know, the more I think about this, the more it seems overkill to me: the current moderation system is done over the plain wire and nobody ever spoofed the IDs to inject spam into our mail lists.
I say we go with plain text and, if something happens, we fix it the incremental way. For now, let's just do the simplest thing that can possibly work.
Otherwise
you're at the mercy of the ability of intermediate hops to preserve your
security, and it becomes worthless again.
yep
An other suggestion might be to require moderators to sign and encrypt
their messages with PGP. I know thats it's possible for James to cope with
this, but AFAIK noone has shared any code with us.
I wouldn't go down this path. it is too intrusive for the moderators's setup.
-- Stefano.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
