home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!shearson.com!newshost!pmetzger
- From: pmetzger@snark.shearson.com (Perry E. Metzger)
- Subject: Re: SMTP mail
- In-Reply-To: ccg@tcdsp1.mmm.com's message of Wed, 29 Jul 92 17:52:38 GMT
- Message-ID: <PMETZGER.92Jul29161035@snark.shearson.com>
- Sender: news@shearson.com (News)
- Reply-To: pmetzger@shearson.com
- Organization: Lehman Brothers
- References: <92209.190519KKEYTE@ESOC.BITNET> <92211.092548KKEYTE@ESOC.BITNET>
- <1992Jul29.083024.1@ptavv.llnl.gov>
- <1992Jul29.175238.20719@mmm.serc.3m.com>
- Date: Wed, 29 Jul 1992 21:10:35 GMT
- Lines: 34
-
-
- In article <1992Jul29.175238.20719@mmm.serc.3m.com> ccg@tcdsp1.mmm.com ("Charles Ganzhorn") writes:
-
- >I'd like to jump in here and ask a couple of questions:
-
- >What is MIME?
-
- A multimedia mail standard that uses SMTP transport.
-
- >Secondly, I fail to see why forgery is not considered a breach of security.
-
- A breech of security is when someone can gain unauthorized access to
- your host; the sendmail debug verb that the Morris worm took advantage
- of was a security hole. A breech of authentication is what forgery
- permits, in which you cannot know who sent you a message. As has been
- pointed out repeatedly, this is also a problem with paper letters. As
- has also been pointed out, PEM and similar systems are the proper way
- to address this problem.
-
- >Next, saying that mail doesn't require privacy is just caving in to
- >the fact that I can't get it with SMTP.
-
- Privacy is a third issue entirely, different from host security and
- authentication. To assure privacy, no method will work other than
- cryptography, period. The internet is not and cannot be secure in its
- transmitions; with hundreds of thousands of miles of line, its
- impossible to keep people from tapping some of it. This is NOT an SMTP
- failing.
-
- --
- Perry Metzger pmetzger@shearson.com
- --
- Just say "NO!" to death and taxes.
- Extropian and Proud.
-
