home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!stan!imp
- From: imp@solbourne.com (Warner Losh)
- Subject: Re: SMTP mail
- Message-ID: <Bs66E7.AG7@solbourne.com>
- Organization: Solbourne, User Interface Group
- References: <92211.092548KKEYTE@ESOC.BITNET> <1992Jul29.083024.1@ptavv.llnl.gov> <1992Jul29.175238.20719@mmm.serc.3m.com>
- Date: Wed, 29 Jul 1992 21:30:07 GMT
- Lines: 31
-
- In article <1992Jul29.175238.20719@mmm.serc.3m.com> ccg@tcdsp1.mmm.com
- ("Charles Ganzhorn") writes:
- >Secondly, I fail to see why forgery is not considered a breach of
- >security.
-
- It all hinges on how you define security. It is an authentication
- issue, not a security one, in my opinion.
-
- >Next, saying that mail doesn't require privacy is just caving in to
- >the fact that I can't get it with SMTP.
-
- I never said that mail doesn't require privacy. I just said that it
- was easy to forge and that you shouldn't expect e-mail to be private.
-
- >A good mail system should include authentication, privacy, arbitrary file
- >attachments, acknowledgement, directory look-ups, and mailing lists just to
- >name a few features.
-
- All of these features can be had with the underlying SMTP transport.
- You get authentiation and some privacy from PEM. You can attach
- arbitrary files with things like MIME or mailtool. Acknowledgement
- has been hacked into sendmail, even though there are many serious
- "security" problems with it. The VRFY and EXPN commands in the SMTP
- can be used for directory lookup. There are tons of mailing lists out
- there, so that point is easy.
-
- Warner
- --
- Warner Losh imp@Solbourne.COM
- Interview Horror Story #882: "It's pretty informal around here.
- Thursdays are clothing optional.."
-
