X-Message-Number: 6747
From: Peter Merel <>
Subject: Securing Cryonet
Date: Thu, 15 Aug 1996 00:45:11 +1000 (EST)

Kevin Q. Brown writes,

>I'll be taking some time off Aug. 15 - 20, probably with sporadic
>email access but certainly not full admin capabilities. Let me
>know your brilliant ideas. Thanks.

The question is, how secure should secure be? You could auto-bounce email from non-subscribers and refuse anonymous subscriptions, but then not-David-Cosenza would only turn to forgery; he's already shown that he has the willingness, if not the technical ability, to carry this off. The same weakness would affect a full-on moderation scheme - quite apart from the thankless pain that a moderator would endure ... if one could be found.

To really make the list secure you'd need to require subscribers to sign their submissions with something like PGP or Verisign. This would certainly work okay, but it would also cut off subscribers who don't have the technical expertise to get these things going easily - probably quite a few subscribers.

So I think what's wanted is a password setup; each subscriber to the list would be issued with a unique password. When a subscriber wanted to post to the list, they'd include their own password, say on the subject line preceding the real subject. The password would be automatically stripped off before their posting was mailburst to the other subscribers.

This isn't a perfect scheme, but it doesn't have to be; if not-David-Cosenza hacks one or more passwords then new ones can be issued, clarifications made and subscriber-security beefed up. The main thing is that this fixes the security problems without making life too difficult for new subscribers.

Not-David-Cosenza can still spam sci.cryonics of course, but there anyone who reads him will just use a kill-file.

Peter Merel.
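The password-on-the-subject-line scheme proposed in the message above, sketched as an added example; it is not part of the original post or of Cryonet's software. The subscriber table, addresses, password, and the convention that the password is the first whitespace-delimited word of the Subject are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

def _digest(password):
    # Plain SHA-256 keeps the example short; a real list would use a salted, slow hash.
    return hashlib.sha256(password.encode("utf-8", "replace")).hexdigest()

# Constructed subscriber table: address -> digest of the issued password.
SUBSCRIBERS = {"alice@example.org": _digest("k7Qz-posting")}

def check_and_strip(raw_message):
    """Return the message ready for distribution, or None if it must be bounced."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    parts = msg.get("Subject", "").split(None, 1)
    token = parts[0] if parts else ""
    real_subject = parts[1] if len(parts) > 1 else ""
    stored = SUBSCRIBERS.get(sender)
    # Compare in constant time, and compare even for unknown senders,
    # so a forged From line and a wrong password fail the same way.
    ok = hmac.compare_digest(_digest(token), stored or "0" * 64)
    if stored is None or not ok:
        return None
    # Strip the password before the posting goes out to other subscribers.
    del msg["Subject"]
    msg["Subject"] = real_subject
    return msg

# Constructed sample postings.
GOOD = ("From: Alice <alice@example.org>\n"
        "Subject: k7Qz-posting Re: Securing Cryonet\n\nbody\n")
FORGED = ("From: Alice <alice@example.org>\n"
          "Subject: guess123 Re: Securing Cryonet\n\nbody\n")
OUTSIDER = ("From: Nobody <nobody@example.net>\n"
            "Subject: k7Qz-posting hello\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("forged", FORGED), ("outsider", OUTSIDER)):
        out = check_and_strip(raw)
        print(name, "->", "bounce" if out is None else out["Subject"])
```

A forged From header alone no longer gets a posting through, and the password never reaches the distributed copy, but it still crosses the network in cleartext on the way to the list server, which is why reissuing passwords is part of the scheme.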