nanog mailing list archives
Re: it's mailman time again
From: Rich Kulawiec <rsk () gsp org>
Date: Sat, 2 Sep 2023 03:57:58 -0400
On Fri, Sep 01, 2023 at 10:16:05AM -0700, Randy Bush wrote:
> and i just have to wonder about sending passwords over the net in cleartext in 2023. really?
This is a non-issue. Given that pretty much every SMTP connection is encrypted and that the worst thing that an attacker in possession of one of your Mailman passwords can do is unsubscribe you (in which case you and the list manager will be notified, and you can solve the problem quite rapidly), no, this isn't a problem that anyone needs to worry about.

I've run (and am running) a lot of mailing lists with Mailman including some large-ish ones for what's now approaching 20 years. The scenario above has never happened. Nobody's even tried, which isn't surprising given that such an attack is increasingly difficult and yields little, if any, benefit to the attacker. Moreover, any hypothetical attacker possessing the resources and expertise required to pull this off could certainly find far more effective things to do.

---rsk