User: Password:
Subscribe / Log in / New account



Posted May 1, 2014 21:52 UTC (Thu) by clint (subscriber, #7076)
In reply to: Passwords by mathstuf
Parent article: A preview of HyperKitty's reimagined mailing list interface

Let's say I have a shell account somewhere where I can run monkeysphere but there is no site-wide Monkeysphere policy or activity. Using whatever alternate methods I currently have to authenticate, I can log in and configure any set of OpenPGP keys to be trusted identity certifiers, and any set of OpenPGP userids to represent authorized users of my shell account.

You can implement the same concepts in anything that uses OpenPGP authentication, without using any Monkeysphere software: in effect, a per-user pair of (trusted keyring and a set of authorized user IDs). Everything is localized solely to you unless you choose it not to be.

(Log in to post comments)


Posted May 2, 2014 11:24 UTC (Fri) by dskoll (subscriber, #1630) [Link]

That's over-engineering it. mathstuf's suggestion is probably fine: you just have "email me a login link" which times out in an hour or two and have no passwords whatsoever.


Posted May 2, 2014 14:35 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Agreed. It's a mailing list and not a bank account. We don't need to go from "plaintext storage we email you every month" to "PGP-based web of trust" for it. Now, for the banks…

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds