1995-12-25 - Re: Only accepting e-mail from known parties

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Message Hash: 242acc39eff91ea6def489ac9eaf20c0e2dae6d34ec32048ab46d3e146a96320
Message ID: <199512251754.MAA01460@homeport.org>
Reply To: <X8BogD7w165w@bwalk.dm.com>
UTC Datetime: 1995-12-25 18:20:32 UTC
Raw Date: Tue, 26 Dec 1995 02:20:32 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 26 Dec 1995 02:20:32 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Only accepting e-mail from known parties
In-Reply-To: <X8BogD7w165w@bwalk.dm.com>
Message-ID: <199512251754.MAA01460@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dr. Dimitri Vulis wrote:

| I said, Carol can *forge* the RFC 822 header, so her e-mails look like they
| came from Bob, and use the body from Bob's authentic PGP-signed message.

	Yes, this is possible.  No, I'm not going to take the time to
write a fix now, but, we both know its not tough to prevent.

	Take the hash of the pgp signed message, use it to filter on.
I'll occaisonally add text outside a signature (literally, a
postscript), so filtering out everything outside the signed text is a
bad idea.  You might get a few spams, but not hundreds.  Its tough to
ensure that mail always has an envelope that matches the key.  I still
use a key that say adam@bwh.harvard.edu, but most of my mail is signed
with an adam@homeport.org key.

	Cryptography can't solve social problems.  It can, however,
transform them into tougher problems for the anti-social.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






Thread