Re: [bitfolk] Tor Obsfucation

Author: Andy Smith
Date:  
Subject: Re: [bitfolk] Tor Obsfucation
Subject: Re: [bitfolk] Proving that you are you
X-List-Received-Date: Sat, 07 Jul 2012 17:38:26 -0000
> I like this option far less than my suggestion that anyone who
> wanted to disable password resets would have to upload a PGP or SSH
> key first.

I suppose if people are so concerned about disabling password resets, then it isn't really unreasonable to expect them to send public keys to you instead. You do need a solid way of identifying them somehow, and this is inherently more secure than relying on human verification of potentially faked image data.

It also removes a lot of the risk involved in the verification process… either a key matches or it doesn't, but visually verifying images is a much more fuzzy situation.
-- 
Aaron B. Russell
http://unadopted.co.uk
+44 20 3137 4147