[Cryptography] Why is emailing me my password?

Markus Wanner markus at bluegap.ch
Tue Oct 1 16:17:20 EDT 2013


On 10/01/2013 06:56 PM, Benjamin Kreuter wrote:
> 2. The password is sent just in case you forgot it and want to
>    unsubscribe.  Without the password, any troll might unsubscribe you
>    from the list by simply forging headers.  Were this to be encrypted,
>    you would wind up with the classic problem of lost private keys,
>    leaving people who forgot their password unable to unsubscribe (at
>    least in any automated fashion).

Agreed, that's a good point against PKI in this case. However, why use a
password at all? I'd also argue it gives a false sense of security.

For that very reason I prefer mailing list software that works via email
(rather than web interface) and authenticates by the ability to receive
mails under the given email. Forging headers doesn't quite suffice
there, either.

Regards

Markus Wanner
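
The confirm-by-mail authentication described in the message above, sketched as an added example that is not part of the original post or taken from any particular list software. The function names, the token format and the three-day validity window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical list-server secret
TOKEN_TTL = 3 * 24 * 3600             # assumed validity window: three days


def _mac(address, action, expires):
    # Bind the token to one address, one action and one expiry time.
    msg = f"{action}\n{address.lower()}\n{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_confirmation(address, action, now=None):
    """Build the token that gets mailed to `address` itself."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL
    return f"{expires}.{_mac(address, action, expires)}"


def confirm(address, action, token, now=None):
    """True only if `token` was issued for this address and action and is unexpired."""
    now = int(time.time()) if now is None else now
    try:
        expires_text, mac = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False
    if now > expires:
        return False
    expected = _mac(address, action, expires)
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_command(from_header, body, now=None):
    """Process one inbound command mail; the From header alone proves nothing."""
    words = body.split()
    if words == ["unsubscribe"]:
        # A forged request only causes a mail to the real owner's mailbox.
        token = issue_confirmation(from_header, "unsubscribe", now)
        return ("send_confirmation", from_header, token)
    if len(words) == 3 and words[:2] == ["confirm", "unsubscribe"]:
        if confirm(from_header, "unsubscribe", words[2], now):
            return ("unsubscribed", from_header, None)
    return ("rejected", from_header, None)
```

A token in this sketch stays valid until it expires; recording used tokens to make them single-use is left out to keep the example short.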