Re: list

[Xander Jansen <]

Wilfried,

On Thu, 12 Feb 1998, Wilfried Woeber, UniVie/ACOnet wrote:

+ >The only way to prevent most (but probably not all) forged subscriptions
+ >is the confirm mechanism but as James pointed out that too has problems
+ >but when choosing between two evils I would prefer a confirmation
+ >mechanism above the ease to subscribe local sublists. 
+ 
+   Why is the cookie confirmation an .XOR. for subscribing a local sublist?

It is not exactly an .XOR. but depending on the implementation of the
software the acknowledgement of the subscription has to come from specific
return-adresses and that can cause either some hacking or at least using a
mail client that sends out the ACK as coming from the sublist address. But
again, this depends on how the cookie-mechanism is implemented. I don't
know how majordomo does it but I guess there will be some checking on
adresses. If the only check is the returned cookie than I guess there is
no problem at all and the confirmation mechanism has no repercussions for
sublist-subscriptions. 

Xander