- Path: sparky!uunet!sun-barr!ames!nsisrv!mimsy!ra!atkinson
- From: atkinson@itd.nrl.navy.mil (Randall Atkinson)
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: SMTP mail
- Message-ID: <3175@ra.nrl.navy.mil>
- Date: 30 Jul 92 21:40:26 GMT
- References: <92209.190519KKEYTE@ESOC.BITNET> <1992Jul29.021534.6708@mp.cs.niu.edu> <92211.092548KKEYTE@ESOC.BITNET>
- Sender: usenet@ra.nrl.navy.mil
- Organization: Naval Research Laboratory, DC
- Lines: 34
-
-
- In article <92209.190519KKEYTE@ESOC.BITNET> Karl Keyte <KKEYTE@ESOC.BITNET>
- writes:
- >
- >The SMTP has recently been removed at our site because of its well-known
- >security hole.
-
- In article <1992Jul29.021534.6708@mp.cs.niu.edu>,
- rickert@mp.cs.niu.edu (Neil Rickert) says:
- % Would you like to enlighten us as to the nature of this "well known
- % security hole".
- %
- % It is well known that email can be forged. Most people don't consider
- % this a security problem, although it may present an identification
- % problem. If you consider email forgery a security hole, then I presume
- % you have also shut off all paper mail, which can just as easily be
- % forged.
-
- In article <92211.092548KKEYTE@ESOC.BITNET> KKEYTE@ESOC.BITNET (Karl Keyte) writes:
- >& that's not a security hole? It is if you want to believe mail that you
- >receive. Paper mail is usually signed. The point is, SMTP is stupidly
- >simple (as we all know) in its "authentication". My question still
- >stands.
-
- Karl,
- It is MUCH EASIER to forge BITNET mail than SMTP, so SMTP is not any
- worse than what you all apparently continue to use. Use the Privacy
- Enhanced Mail (PEM) specifications and build a mail envelope that
- provides the security properties you need outside of the SMTP issue.
- SMTP is probably not a problem per se, so the PEM approach makes
- sense. The RFCs are online at the usual archive sites.
-
- Ran
- atkinson@itd.nrl.navy.mil
-