home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!darwin.sura.net!mips!odin!sgi!rhyolite!vjs
- From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
- Subject: Re: SMTP mail
- Message-ID: <ntlu7eg@rhyolite.wpd.sgi.com>
- Organization: Silicon Graphics, Inc. Mountain View, CA
- References: <92209.190519KKEYTE@ESOC.BITNET> <92211.092548KKEYTE@ESOC.BITNET>
- Date: Wed, 29 Jul 1992 18:53:02 GMT
- Lines: 30
-
- In article <92211.092548KKEYTE@ESOC.BITNET>, KKEYTE@ESOC.BITNET (Karl Keyte) writes:
- > >>
- > >>The SMTP has recently been removed at our site because of its well-known
- > >>security hole.
- > >
- > > It is well known that email can be forged. Most people don't consider
- > >this a security problem, although it may present an identification
- > >problem. If you consider email forgery a security hole, then I presume
- > >you have also shut off all paper mail, which can just as easily be
- > >forged.
- > >
- >
- > & that's not a security hole? It is if you want to believe mail that you
- > receive. Paper mail is usually signed. The point is, SMTP is stupidly
- > simple (as we all know) in it's "authentication". My question still
- > stands.
-
-
- If you do not use SMTP, you will not get a lot of mail.
-
- If you require the other end of TCP/IP or UDP/IP connections over the
- Internet to be really authenticated, you can get by with a very low
- speed link.
-
- There is PEM, Privacy Enhanced Mail, which involves digital signatures
- to authenticate mail. It is based on SMTP, so you might find it
- unacceptible.
-
-
- Vernon Schryver, vjs@sgi.com
-