home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cis.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!agate!overload.lbl.gov!lll-winken!ptavv.llnl.gov!oberman
- From: oberman@ptavv.llnl.gov
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: SMTP mail
- Message-ID: <1992Jul29.165716.1@ptavv.llnl.gov>
- Date: 30 Jul 92 00:57:16 GMT
- References: <92209.190519KKEYTE@ESOC.BITNET> <92211.092548KKEYTE@ESOC.BITNET> <1992Jul29.083024.1@ptavv.llnl.gov> <1992Jul29.175238.20719@mmm.serc.3m.com>
- Sender: usenet@lll-winken.LLNL.GOV
- Lines: 59
- Nntp-Posting-Host: ptavv.llnl.gov
-
- In article <1992Jul29.175238.20719@mmm.serc.3m.com>, ccg@tcdsp1.mmm.com ("Charles Ganzhorn") writes:
- > I'd like to jump in here and ask a couple of questions:
- >
- > What is MIME?
-
- If memory serves it is Multimedia Internet Mail Extensions.
-
- It's the new multi-media mail proposal. It provides the capability to include
- non-textual material in a mail message in a standardized way so that it may be
- properly handled. This includes sound, images, and a variety of other things.
-
- > Secondly, I fail to see why forgery is not considered a breach of security.
-
- It depends on your definition of "breach of security". It does not provide any
- access to your operating system of files to unauthorized users nor can it
- allow the compromise of data on your system. In government terms (and I suspect
- others), that is what a breach of security is. Mail, itself, cannot breach
- security. It can do other things like embarrass people who believe everything
- they read, though. And, in doing so might cause a LOT of trouble.
-
- > Next, saying that mail doesn't require privacy is just caving in to the fact that
- > I can't get it with SMTP.
-
- Once again, this is NOT a function of SMTP! That's like saying that you will
- not allow the postman to deliver mail because some of it may be forged.
-
- > A good mail system should include authentication, privacy, arbitrary file
- > attachments, acknowledgement, directory look-ups, and mailing lists just to
- > name a few features.
-
- Would be nice. So why don't you sit down and write it?
-
- > Now, SMTP doesn't preclude any of this: the user interfaces for SMTP
- > are just crude. The only part that SMTP really interferes with is that
- > everything (as far as I know and correct me if I'm wrong) must be transmitted in a
- > text format. That puts undue stress on the mailers to encode everything.
-
- MIME takes care of this.
-
- > What has been people's experience with the NYSERnet X.500 trial and did they
- > come up with any decent user interfaces with, for example, an integrated
- > directory look up?
-
- Works quite well. We use QUIPU here.
-
- And, on a side note, while RFC931 identification is not a bad thing, it's of
- limited value on E-Mail due to gatewaying. I refuse to call it an
- authentication server because it is NOT. It's trivial to fool...if you know
- it's there. It works fairly well for the moment because it's still unusual and
- forgers are not expecting it.
-
- This does not mean I am opposed to 931 and its descendents, but it should not be
- though of as a real security measure, only a tool.
-
- R. Kevin Oberman Lawrence Livermore National Laboratory
- Internet: koberman@llnl.gov (510) 422-6955
-
- Disclaimer: Don't take this too seriously. I just like to improve my typing
- and probably don't really know anything useful about anything.
-