-----Original Message----- From: David Kessens [mailto:david@IPRG.nokia.com] Sent: Wednesday, January 30, 2002 11:22 PM To: Lu, Ping Cc: 'Larry J. Blunk'; db-wg@ripe.net Subject: Re: Database development plans
Ping,
On Wed, Jan 30, 2002 at 07:20:47PM -0500, Lu, Ping wrote:
If the mail can be intercepted then a cookie confirmation won't make a difference.
You can forge a mail header without being able to intercept the mail.
If the mail can be intercepted then a clear-text password scheme won't make a difference.
You can guess the password without being able to intercept the mail.
David K. ---
And CRYPT-PW now is no better than the MAIL-FROM. Both are easy to get thru. But my point is "If the email is not secure then the new proposals (cookie, MD5 or even shadow password) won't achieve their goals". However let's focus on "If the email is secure ..." case now. Ping Lu Cable & Wireless USA Network Tools and Analysis Group W: +1-703-292-2359 E: plu@cw.net