I understand that the identities issue is an issue with every desktop client, and that RoundCube is suppose to be a desktop-esk client in a browser. Still that being said, I would maintain that Identities is a feature and it would be nice if admins had the ability to turn that feature off. If I am alone on this then so be it, I will just turn it off myself, o be the glory of open source. But I still thought the point was valid to raise.
Btw, Jason, I like your satire, good work. --- Jim Lester ACM Staff Manager [EMAIL PROTECTED] On Mon, 8 Jan 2007 18:58:52 -0500, Jason Stelzer <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Jan 8, 2007, at 6:02 PM, Jim Lester wrote: > >> So I like the ability to have multiple identities but right now its >> a huge security risk to have enable the way I see it. Since there >> is no indication in the header of the original username, and also >> no check to authorize the user for the address they are adding, I >> just can't allow my users to have that option. It wont even be a >> day before people start sending emails out as me and as the >> officers. Does anybody else share this sentiment? If so, I propose >> that there needs to be 1) a simple way to disable it and 2) a way >> to force RC to put the original identity into the headers of the >> outgoing message. Thanks. >> > > So you're saying you want to change how email works? > > The 'problem' you're describing applies to just about any mail client > that an end user has to configure. Desktop or otherwise. > > Of course, we could always come up with a way to embed a digital > signature on emails so we could verify identities. That way we could > ensure that messages are indeed from who they claim to be and that > content has been unmodified. Actually, if both parties exchanged keys > prior to the email, then we could encrypt the entire message. Of > course this would rely on some fairly advanced cryptography, but the > resulting privacy and identity verification would be pretty good. > > Oh... wait... > > > - -- > J. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (Darwin) > > iD8DBQFFotq8vxud+cMTf5IRAs4fAKCKiINlnfN2IBk3sifGWDfiGw4ARACgwltr > ZXiBmnxXCy9AZ7SahvyBezc= > =Y/1t > -----END PGP SIGNATURE-----
