
Re: mailing list memberships reminder -> passwords in the clear

2012-11-03 10:34:37

On Nov 2, 2012, at 3:39 PM, Paul Aitken <paitken(_at_)cisco(_dot_)com> wrote:

> John,
>
> Why does the "mailing list memberships reminder" send passwords in the
> clear?
>
> Because that's what Mailman does.  Send code.
>
> And that's acceptable to the IETF? You're kidding me, right?

Because the security is compatible with the risk.

These are open mailing lists; anyone can join, and anyone can read the
archives without subscribing.  This means that the resource being protected
is of low value -- very low value.  Sending out a randomly-generated password
in the clear is perfectly acceptable for that situation.

Having that off by default would be reasonable, but to reduce annoyance,
not because it produces any real increase in security.

For a private, sensitive mailing list, the analysis would be different.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb