On Thu, 07 Oct 2010 14:16:00 -0000, Sven Olaf Kamphuis said:
> you just give contacts for the passwords with which you have received a new one.
> each potential person who can send email to your email address gets a unique password from you.
You missed the point. How does person37@gmail.com ask me for a password, if I don't accept his e-mail without one? (Hold this thought, we'll be back to this)
> sending person/maillist 1 gets password abcdefg to send to bla@example.com (no matter from which email address)
> sending person/maillist 2 gets password 123545 to send to bla@example.com (no matter from which email address)
And if I've assigned 123545 to duct-tape-2010@yahoo.com, but he's since moved to clawhammer101@gmail.com, how do I securely notify him of the new password, keeping in mind that I'm probably changing the password *because the enemy already has access to the old password*? "Hey Joe - somebody has enough access to your system to get 123545 - so use fuzzy-wombat instead". What's wrong with this picture?

With 140 million compromised boxes where sending the new password is basically e-mailing to the enemy, and the scheme leaking new passwords to boot, "revoke and issue a new credential" simply doesn't scale. In other words, the only sane response is "revoke and don't bother setting a new one".

At which point the person has to contact me and ask for a new password. "Hey, this is duct-tape-2010, my password doesn't work, give me a new one". Given that his old password doesn't work because I revoked it when a spammer got hold of it, how do I know that I'm not giving the new password directly to the spammer, and that the esteemed Mr Tape has no idea any of this happened?

Further discussion probably belongs on SPAM-L.