Follow-up Comment #4, sr #110907 (project administration):
[comment #3 comment #3:]
> Let us imagine that the message with the hash is intercepted; then it would
be possible for the interceptor to impersonate that user in that tracker item,
wouldn't it?
Often, but the from address is often secured (some newfangled authorised
mail-submission-agent system with DNS, I think) and you can check the security
of the email path in those cases, so if the user has nominated a from address
for a so-secured mail-exchange then you're alright in that case. I suggested
the user might nominate an email signature certificate which can't be
impersonated much more than the website login.
Even outside those cases, this is limited to commenting so you can clean up
once you realise that a user has been impersonated and change the salts as
often as you like. On the occasions that a salt has been changed before a user
replies you can send out a new address for them to resend their reply to so
you can even change the salt very often. If you allow this case then you can
indicate that the comment has no or little identity verification so people
don't act as if such a comment was an authority. Alternatively or in-addition,
on occasion a user could log in and validate the identity of comments sent by
email and you could make that easy by sending a digest with a validation link
either before or after the emails are spooled into comments. It would still be
more practical to converse on development topics than interrupting a user
workflow with website visits and the website login process injected between
thoughts. The advantage of sending a digest with validation request is that
this most awkward case can be handled with a spool separate to the rest of the
system.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/support/?110907>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
