[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] Re: Storage of credentials
|
From: |
Simon Josefsson |
|
Subject: |
[OATH-Toolkit-help] Re: Storage of credentials |
|
Date: |
Fri, 18 Mar 2011 17:02:23 +0100 |
|
User-agent: |
Gnus/5.110016 (No Gnus v0.16) Emacs/23.2 (gnu/linux) |
Max Thoursie <address@hidden> writes:
> Bah, I faild to use the mailing list. Is it possible to set a reply-to
> header? This mail was ofcourse meant for the list. /max
Using a Reply-To often leads to private replies going to the list, which
is worse than when comments intended for the list goes to the author
only. So I prefer to not use a reply-to. Most reasonable mail clients
have a "followup" button next to the "reply" button that will do the
right thing too. See also:
http://marc.merlins.org/netrants/reply-to-harmful.html
http://woozle.org/~neale/papers/reply-to-still-harmful.html
/Simon
> On Fri, Mar 18, 2011 at 2:08 PM, Max Thoursie <address@hidden> wrote:
>> On Fri, Mar 18, 2011 at 12:13 PM, Daniel Pocock <address@hidden> wrote:
>>>> I had a breif discussion with Simon regarding how to store user
>>>> credentials (alternatives to the /etc/users.oath file) before he
>>>> pointed me to this mail-list. Let's continue the discussion here!
>>>
>>> This is essentially why I built dynalogin as an extra layer around HOTP
>>> - you can then put dynalogin and the secrets on a dedicated, hardened
>>> machine. The secrets never travel on the network, it simply gives
>>> yes/no responses to the auth requests.
>>
>> That's great when you can rely on a central server! Many times though
>> that's not an option.
>>
>> /Max
>>
Re: [OATH-Toolkit-help] Storage of credentials, Jean-Michel Pouré - GOOZE, 2011/03/18