On Thu, Oct 22, 2015 at 10:38 AM, Paul Wouters <paul(_at_)nohats(_dot_)ca>
wrote:
On Thu, 22 Oct 2015, Russ Housley wrote:
Versions of Mailman beyond 2.1.15 have no capacity for sending out
password reminders; it was removed. Brian, you have loudly argued for this
capability to be retained.
I must have missed it between all the email reminders with passwords :)
It seems to me that DMARC re-writing is a more important feature for this
community. I think we should drop support for the password messages and
move to a newer version. I'd like the tools team to check this out, and
then if the newer version will not introduce other surprises, move to the
newer version.
It is Oct 21 2015. While I am not insisting we have flying cars or
hooverboards, I think the IETF not sending plaintext passwords through
unencrypted email is highly overdue. It would be great if on Nov 1st
when my plane lands in Yokohama, I am not treated by a number of IETF
password emails.
+1
The point of eating the dog food is to make better dog food, not get
used to the taste.
Right now we have a broken system of email of which the passwords are
a symptom. In general any time you have a protocol that involves a
password, it is a broken, obsolete system. Unfortunately we seem to
keep coming up with new ways to support passwords rather than an
approach that makes public key based auth as easy to use.
Mailing lists are a broken technology. Currently the IETF is running a
mail server that typically sends several hundred copies of each
message to gmail. Some of those can be batched, but not all of them.
Mine can't be batched because there is no way for mailman to know that
phill(_at_)hallambaker(_dot_)com is actually an alias forwarded to a gmail
account. I have something like 5 gig of mail in my gmail account that
is from various mailing lists I subscribe to.
The way the system should work is through a variation of IMAP. Instead
of mailing lists being a layered application that is poorly supported
by and constantly fighting the SMTP infrastructure, mailing list
subscriptions should be handled in the mail client and by the server.
Essentially a mailing list is an IMAP folder that has multiple people
reading it, each of which need to track what has been read separately.
We used to have a system of that type, it was called NNTP.