1993-07-12 - SMTP, PINE, and security

Header Data

From: greg@ideath.goldenbear.com (Greg Broiles)
To: cypherpunks@toad.com
Message Hash: f246d6c0e76fcb4b79b64a8da8231930190c78f8878dfa5de6668f5d2063999e
Message ID: <ZBBk7B1w164w@ideath.goldenbear.com>
Reply To: N/A
UTC Datetime: 1993-07-12 07:27:08 UTC
Raw Date: Mon, 12 Jul 93 00:27:08 PDT

Raw message

From: greg@ideath.goldenbear.com (Greg Broiles)
Date: Mon, 12 Jul 93 00:27:08 PDT
To: cypherpunks@toad.com
Subject: SMTP, PINE, and security
Message-ID: <ZBBk7B1w164w@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

me <uunet!Cloud.Cuckoo.Land!root> writes:

>   One of the many neat features of PINE is that it allows one to talk
> to the SMTP server _directly_, bypassing sendmail (and its security checks).
> What this means is that instead of doing a  "telnet xxxx smtp", you can
> build and configure a PINE client to do it for you, and retain all the
> nice features. PINE source code is freely available, and does not require
> root privs to run (any more than it requires root privs to "telnet xxx smtp")
[stuff deleted]
> If that happens, the days of EZ phreaking are over.....

I dunno; if things change such that it's considered normal for users to
connect to local or outside SMTP and NNTP ports, that would seem to create
a convenient smokescreen/excuse for folks who use those ports for their
own (non-approved) ends. It'll be a lot harder to look through a log for
unknown connections.

See the discussion on comp.dcom.telecom about how difficult it is to
provide authentication of cellular phones and fraud prevention, while
allowing people to buy new phones easily, roam, and do all of that
other stuff that people do. I think the SMTP/NNTP/PINE/whatever stuff
is very similar - I think it may prove so difficult to truly authenticate
unknown and untraceable users that people will turn to other means for
identifying a few trusted machines/people/processes. Public-key crypto,
perhaps? :) Security and convenience are basically incompatible; I'm hoping
that we opt for convenience.


-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLEEIfn3YhjZY3fMNAQGVfwQAoestrAnd168C061KVqb+znRBFNoAIS1k
Ic7JtsVxzj9xaFc5v5nKDUgHD4g47ulTyc1jqEFKmUjfqfal5xZVhN+/4wHFaN0v
2gNbYByvd7/QL685+lkGGkFr1ff7qTdWqVk5LV6b4fRyhJcTHIH48x/55QO0Oo3y
DYdA6GDuChk=
=SOFw
-----END PGP SIGNATURE-----

--
Greg Broiles                            greg@goldenbear.com
Golden Bear Computer Consulting         +1 503 465 0325
Box 12005 Eugene OR 97440               BBS: +1 503 687 7764




