This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

Database development plans

Previous message (by thread): Database development plans

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lu, Ping PLu at cw.net
Thu Jan 31 16:16:58 CET 2002

> -----Original Message-----
> From: David Kessens [mailto:david at IPRG.nokia.com]
> Sent: Wednesday, January 30, 2002 11:22 PM
> To: Lu, Ping
> Cc: 'Larry J. Blunk'; db-wg at ripe.net
> Subject: Re: Database development plans
> 
> 
> 
> Ping,
> 
> On Wed, Jan 30, 2002 at 07:20:47PM -0500, Lu, Ping wrote:
> > 
> > If the mail can be intercepted then a cookie confirmation
> > won't make a difference.
> 
> You can forge a mail header without being able to intercept the mail.
> 
> > If the mail can be intercepted then a clear-text password scheme 
> > won't make a difference.
> 
> You can guess the password without being able to intercept the mail.
> 
> David K.
> ---
>

And CRYPT-PW now is no better than the MAIL-FROM. Both are easy
to get thru.

But my point is "If the email is not secure then the new proposals
(cookie, MD5 or even shadow password) won't achieve their goals".

However let's focus on "If the email is secure ..." case now.

Ping Lu
Cable & Wireless USA
Network Tools and Analysis Group
W: +1-703-292-2359
E: plu at cw.net

Previous message (by thread): Database development plans

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]