From mboxrd@z Thu Jan 1 00:00:00 1970
From: Nick Dokos
Subject: Re: Re: Gmane readers - please subscribe
Date: Tue, 27 Apr 2010 10:05:35 -0400
Message-ID: <26154.1272377135@gamaville.dokosmarshall.org>
References: <87wrvtkawl.fsf@benfinney.id.au> <87k4rtod4o.fsf@eku238261.eku.edu> <87ljc9jjqt.fsf@benfinney.id.au>
Reply-To: nicholas.dokos@hp.com
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path:
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O6lQI-0007mL-Fh for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 10:06:02 -0400
Received: from [140.186.70.92] (port=44221 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O6lQG-0007kw-U0 for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 10:06:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O6lQE-0002ns-Da for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 10:06:00 -0400
Received: from vms173009pub.verizon.net ([206.46.173.9]:62422) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O6lQE-0002nn-9v for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 10:05:58 -0400
Received: from gamaville.dokosmarshall.org ([unknown] [173.76.32.106]) by vms173009.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0L1J00CDPGHCS4F3@vms173009.mailsrvcs.net> for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 09:05:36 -0500 (CDT)
In-reply-to: Message from Ben Finney of "Tue, 27 Apr 2010 20:02:50 +1000." <87ljc9jjqt.fsf@benfinney.id.au>
List-Id: "General discussions about Org-mode."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: Ben Finney
Cc: nicholas.dokos@hp.com, emacs-orgmode@gnu.org

Ben Finney wrote:
> Tyler Smith writes:
>
> > Ben Finney writes:
> >
> > > A large part of my reason for reading via Gmane is to avoid yet
> > > another set of authentication credentials. Especially one that I
> > > never use; that's a security nightmare waiting to happen. So I'm not
> > > interested in increasing my security exposure by making a Mailman
> > > account on yet another site.
> >
> > Yikes! What nightmare awaits those of us who've foolishly gone ahead
> > and subscribed? What's my exposure, beyond some nefarious cracker
> > impersonating me on emacs-orgmode?
>
> The assumption here is that logging into the mailing list account is
> something done infrequently to never for any given user. That's
> certainly the case for just about any list I've subscribed to.
>
> For an infrequently-to-never used passphrase, one of two things is the
> case: either it's unique, or it is identical to the passphrase that
> accesses some other set of services for the user.
>
> Since it's an infrequently-to-never accessed service, it's an
> unreasonable burden to expect the user to maintain unique passphrases
> for every such service. If for this list, why not for every such list?
>

Why not indeed? See below.

> So what usually ends up happening is they're identical for a given
> person across many different services. But the more that's the case, the
> greater the exposure: any one of those services could manage their
> security poorly, or simply be unlucky enough to attract a bored and/or
> motivated cracker; and a compromise on any one of them removes any
> expectation of security on any of the rest of the services where the
> user has the same passphrase.
>
> The sensible policy, therefore, is to cull the proliferation of such
> passphrase-requiring infrequently-to-never-accessed accounts. Which, in
> turn, means saying a polite “no thank you” to most requests to set up
> new accounts.
>

It seems to me that another sensible policy is to generate a random
password, set it and forget it. If I ever need it, I use the password
reminder mechanism. The policy has the advantage of reducing the load on
the administrators. The disadvantage is that I have to wait a few minutes
before I can make changes. I'm perfectly willing to make that trade-off.

The most serious problem with this approach is how to generate a
password that obeys whatever stupid (and in many cases, undocumented)
restrictions the program designer imposes on acceptable passwords. With
mailman, you can let *it* generate the password. There may be other
problems of course that I have not thought about.

I also sympathize with your point of view[1]: there are many cases where
I *have* to have another password and it drives me up the wall, but in
this one case, I really don't mind.

Nick

[1] For mailman in particular, Jamie Zawinski published an essay entitled
"Mailman considered harmful", attacking the mailman password policy (among
other things):

http://www.jwz.org/doc/mailman.html

Barry Warsaw's rebuttal is here:

http://www.gnu.org/software/mailman/jwzrebuttal.html
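An added example of the "generate a random password, set it and forget it" approach discussed in the message above. It is not code from the message, from Mailman, or from the org-mode list; it is a small Python generator that draws from the `secrets` CSPRNG and redraws until the candidate satisfies a composition rule. Because, as the message notes, a site's restrictions are often undocumented, the class names and the symbol list in `DEFAULT_CLASSES` are assumptions the caller is expected to adjust per site.

```python
import math
import secrets
import string

# Assumed composition rule: "at least one of each class". The symbol set is
# deliberately small because many sites silently reject other punctuation;
# adjust both to whatever the target site actually accepts.
DEFAULT_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@_",
}


def satisfies(password, classes=DEFAULT_CLASSES):
    """True if the password contains at least one character from every class."""
    return all(any(c in chars for c in password) for chars in classes.values())


def generate_password(length=20, classes=DEFAULT_CLASSES, max_tries=1000):
    """Generate a random password that satisfies the composition rule.

    Characters are drawn uniformly from the union of all classes; a candidate
    missing any class is thrown away and a fresh one is drawn. Rejection
    sampling keeps the result uniform over all strings that satisfy the rule,
    which the common "force one of each class, then shuffle" trick does not.
    """
    if length < len(classes):
        raise ValueError("length too short to contain every required class")
    alphabet = "".join(classes.values())
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if satisfies(candidate, classes):
            return candidate
    raise RuntimeError("could not satisfy composition rule; rule too strict?")


def entropy_bits(length, classes=DEFAULT_CLASSES):
    """Upper bound on the entropy of a uniformly drawn password, in bits.

    The rejection step removes a few strings, so the true entropy is slightly
    below this bound; for a 20-character draw from 74 symbols the difference
    is negligible.
    """
    alphabet_size = len("".join(classes.values()))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"({entropy_bits(len(pw)):.1f} bits)")
```

The generated string is meant to be stored in a password manager or simply discarded, in which case the list's password reminder or reset mechanism is the recovery path, exactly the trade-off the message describes.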