[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is the list down?
> I guess that means forging a message from each of us; when I first tried
> subscribing, it wouldn't accept my subscription from mycroft.rand.org for
> my mail address of rand.org without human intervention, so the attacker
> couldn't do it from his own account without forging. I just did an
> experiment verifying that "Reply-to" is honored by Majordomo, which
> would explain why I didn't get acked for the unsubscribe on Saturday.
would Majordomo still have copies of these replies???
that should point the finger (hopefully)
> Cooperative anarchy works only when people can be either motivated
> or coerced into being cooperative. As the net keeps increasing
> exponentially the probability of sucking in a critical mass of loonies
> increases along with it. As with public key cryptography, it takes only
> a linear increase in loonies to seriously interfere with the exponentially
> increasing (relatively) sane population.
> Well... countermeasures. Majordomo could require its subscriptions signed
> with a valid public key (PGP or RIPEM) with the public key in the signed
> body, and process future transactions for that individual only if they're
> signed. That's still open to a spam attack, though, where the attacker
> can subscribe 30 variations of (say) Jim Gillogly's address with different
> public keys constructed just for that, and Gillogly wouldn't be able to
> send the right unsubscriptions.
increase human intervention ie a human needs to authorise unsubscribes
(or doesn't accept replys) as not all ppl use pgp or ripem
> Jim Gillogly
> Mersday, 18 Thrimidge S.R. 1994, 16:09
Yours in SYNC. Robert Sturtz
__/// [email protected] (Ice-Fox on irc) __///
\XX/ Vice-President of Eastern Wargamers And Roleplayers Club \XX/