Re: [bitfolk] Tor Obsfucation

Author: Kai Hendry
Date:  
Subject: Re: [bitfolk] Tor Obsfucation
> I like this option far less than my suggestion that anyone who
> wanted to disable password resets would have to upload a PGP or SSH
> key first.



I suppose if people are so concerned about disabling password resets,
then it isn't really unreasonable to expect them to send public keys to
you instead. You do need a solid way of identifying them somehow, and
this is inherently more secure than relying on human verification of
potentially faked image data.

It also removes a lot of the risk involved in the verification process…
either a key matches or it doesn't, but visually verifying images is a
much more fuzzy situation.
-- 
Aaron B. Russell
http://unadopted.co.uk
+44 20 3137 4147







Date: Sat, 7 Jul 2012 17:40:19 +0000
From: Andy Smith <andy@???>
Subject: Re: [bitfolk] Proving that you are you



Hi Dmitriy,

On Sun, Jul 08, 2012 at 12:05:51AM +0700, Dmitriy Kazimirov wrote:
> My is just ask permission to charge small (<10 GBP) amount of money from
> last used card and ask customer exact amount (after verification just credit
> money to customer)
> (if your billing system allow that)


Unfortunately at the moment most payment methods involve sending a
payment request to an email address, so for identity purpo