-----BEGIN PGP SIGNED MESSAGE-----
"Alan" == Alan Bostick <abostick@netcom.com> writes:
[.....] Alan> There is a way that attackers who have seized or copied the Alan> database can search it - by trying it out on anonymous IDs, or Alan> user addresses, until they hit paydirt. I think that's exactly where the problem lies. The advantage of your proposal is, that for an honest SysOp your system makes it easier not to look on the database, but I assume that Julf isn't interested in the contents of the database anyways.. But for a real attacker it's just a small inconvinience, nothing more. Alan> So what do people think of this scheme of mine? Are there Alan> drawbacks or weaknesses that I'm not seeing? I think it's similar to a postmaster running a script to automatically removing the actual message from a bounced mail, before she looks at it. But I don't think it's really making penet-style servers more secure. Have a nice day, and hope your flu cured now! Olmur - -- "If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann Please encipher your mail! Contact me, if you need assistance. finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key Key-fingerprint: 51 EC A5 D2 13 93 8F 91 CB F7 6C C4 F8 B5 B6 7C -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMYEyKA9NARnYm1I1AQFZaQP/Q6jt+o1oDLysFTcxkitZF5aaQbwNa0Z6 Ud/oJqeTZvVtbltbJ7CIAIQCHydYLnBcxbeAw3EJDPpMYXaVz0Lsd00cdggD8Uh4 nY6dc4MaWvU0Kv1QUsdBlsIzpPwqvB9+WnXFQxcu/DONQT5pNkkzJWRGoHNj6+f4 kr31q2gniis= =M/jY -----END PGP SIGNATURE-----