I understand that the identities issue is an issue with every desktop client, and that RoundCube is suppose to be a desktop-esk client in a browser. Still that being said, I would maintain that Identities is a feature and it would be nice if admins had the ability to turn that feature off. If I am alone on this then so be it, I will just turn it off myself, o be the glory of open source. But I still thought the point was valid to raise.
Btw, Jason, I like your satire, good work.
Jim Lester ACM Staff Manager notroot@acm.cs.umn.edu
On Mon, 8 Jan 2007 18:58:52 -0500, Jason Stelzer cynic@elitistbastard.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Jan 8, 2007, at 6:02 PM, Jim Lester wrote:
So I like the ability to have multiple identities but right now its a huge security risk to have enable the way I see it. Since there is no indication in the header of the original username, and also no check to authorize the user for the address they are adding, I just can't allow my users to have that option. It wont even be a day before people start sending emails out as me and as the officers. Does anybody else share this sentiment? If so, I propose that there needs to be 1) a simple way to disable it and 2) a way to force RC to put the original identity into the headers of the outgoing message. Thanks.
So you're saying you want to change how email works?
The 'problem' you're describing applies to just about any mail client that an end user has to configure. Desktop or otherwise.
Of course, we could always come up with a way to embed a digital signature on emails so we could verify identities. That way we could ensure that messages are indeed from who they claim to be and that content has been unmodified. Actually, if both parties exchanged keys prior to the email, then we could encrypt the entire message. Of course this would rely on some fairly advanced cryptography, but the resulting privacy and identity verification would be pretty good.
Oh... wait...
J.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin)
iD8DBQFFotq8vxud+cMTf5IRAs4fAKCKiINlnfN2IBk3sifGWDfiGw4ARACgwltr ZXiBmnxXCy9AZ7SahvyBezc= =Y/1t -----END PGP SIGNATURE-----