[147462] in cryptography@c2.net mail archive


Re: [Cryptography] Why is emailing me my password?

daemon@ATHENA.MIT.EDU (Markus Wanner)
Wed Oct 2 11:05:36 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Oct 2013 16:40:05 +0200
From: Markus Wanner <markus@bluegap.ch>
To: Greg <greg@kinostudios.com>
In-Reply-To: <849211D6-2D38-4A6D-AB5E-42CA26855CFF@kinostudios.com>
Cc: Nick <cryptography-list@njw.me.uk>, John Ioannidis <ji@tla.org>,
	Lodewijk andré de la porte <l@odewijk.nl>,
	"cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 10/02/2013 04:32 PM, Greg wrote:
> I agree, I apologize for the excessively negative tone. I think RL (and
> unrelated) agitation affected my writing and word choice. I've taken
> steps to prevent that from happening again (via magic of self-censoring
> software).

Cool. :-)

> I don't see why a one-time-password is necessary. Just check the headers
> to verify that the send-path was the same as it was on the original request.

Hm.. that's a nice idea, but I don't think it can work reliably. What if
the send path changes in between? AFAIK there are legitimate reasons for
that, like load balancers or weird greylisting setups.

Plus: why should that part of the header be more trustworthy than any
other part? Granted, at least the last IP is added by a trusted server.
But doesn't that boil down to IP-based authentication?

I'm not saying it's impossible, I just don't think it's as good as a
one-time token. Do you know of a mailing list software implementing such
a thing?

Regards

Markus Wanner
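
The two checks compared in this message, sketched as an added example (not part of the original post and not taken from any mailing list software): a send-path comparison over `Received:` headers next to a single-use confirmation token. Host names, addresses, the `TTL` value and all function names are assumptions, and the sample messages are constructed.

```python
import re
import secrets
import time
from email import message_from_string

TTL = 3 * 24 * 3600   # assumed validity window for a confirmation token
_pending = {}         # token -> (address, action, expires_at), kept by the list server

def make_msg(relay):
    """Constructed sample request, as seen by lists.example.net via `relay`."""
    return (f"Received: from {relay} by lists.example.net\n"
            f"Received: from laptop.example.org by {relay}\n"
            "From: user@example.org\nSubject: unsubscribe\n\n")

def send_path(raw):
    """'from' host of every Received: header, newest hop first.
    Only the first entry was written by our own server; the rest is
    whatever the upstream hosts chose to put there."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)", value)
        hops.append(m.group(1) if m else "?")
    return hops

def same_path(raw_a, raw_b):
    """Header-based check: accept only if both messages took the same route."""
    return send_path(raw_a) == send_path(raw_b)

def issue_token(address, action, now=None):
    """Create the random token that is mailed to `address` for confirmation."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    _pending[token] = (address.lower(), action, now + TTL)
    return token

def redeem_token(token, address, action, now=None):
    """True once, if the token matches the address and action and is fresh."""
    now = time.time() if now is None else now
    entry = _pending.pop(token, None)  # pop: a token is accepted at most once
    if entry is None:
        return False
    addr, act, expires = entry
    return addr == address.lower() and act == action and now <= expires
```

With the constructed messages, the same subscriber sending through `mx1.example.org` and then `mx2.example.org` fails `same_path`, while the token check does not depend on the route at all.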

