On Nov 2, 2012, at 3:39 PM, Paul Aitken <paitken@xxxxxxxxx> wrote:

> John,
>
>>> Why does the "mailing list memberships reminder" send passwords in the clear?
>> Because that's what Mailman does. Send code.
>
> And that's acceptable to the IETF? You're kidding me, right?
>

Because the security is compatible with the risk. These are open mailing lists; anyone can join, and anyone can read the archives without subscribing. This means that the resource being protected is of low value -- very low value. Sending out a randomly-generated password in the clear is perfectly acceptable for that situation. Having that off by default would be reasonable, but to reduce annoyance, not because it produces any real increase in security.

For a private, sensitive mailing list, the analysis would be different.

--Steve Bellovin, https://www.cs.columbia.edu/~smb