From: “Jeff Hupp” <jhupp@novellnet.gensys.com>
To: cypherpunks@toad.com
Message Hash: 4321a28f2fda592ab9116afdded8c4e2efe9cd7ddc7797450bff16e41e3de485
Message ID: <13060E503DA@Novellnet.Gensys.com>
Reply To: N/A
UTC Datetime: 1995-12-25 15:51:41 UTC
Raw Date: Mon, 25 Dec 1995 23:51:41 +0800
From: "Jeff Hupp" <jhupp@novellnet.gensys.com>
Date: Mon, 25 Dec 1995 23:51:41 +0800
To: cypherpunks@toad.com
Subject: Re: Only accepting e-mail from known parties
Message-ID: <13060E503DA@Novellnet.Gensys.com>
MIME-Version: 1.0
Content-Type: text/plain
On 25 Dec 95 at 7:45, Dr. Dimitri Vulis wrote:
[much on a pgp based gateway filter for email]
:
: This is much better than nothing. This would stop the e-mail being
: sent to everyone who's ever posted to Usenet. I see a couple of attacks:
:
: 1. Alice only accepts signed e-mail from Bob. Carol receives a signed e-mail
: from Bob to Carol, sends 10,000 e-mails to Alice (via sendmail) with From: bob,
: same body+signature, possibly varying message-ids and subjects.
:
: 2. Alice only accepts signed e-mail from Bob. Carol, a rogue sysadmin,
: intercepts an e-mail from Bob to Alice, sends 10,000 more copies of it to Alice
: (via sendmail) with From: bob, possibly varying message-ids and subjects.
:
: As I keep pointing out, pgp-signing the body is not enough.
:
Keep checksums of signitures (or body text) for a week, duplicate
messages are routed to /dev/null.
--
JHupp@gensys.com |For PGP Public Key:
http://gensys.com |finger jhupp@gensys.com
You are lost in a maze of twisty little standards, all
different.
Return to December 1995
Return to ““Jeff Hupp” <jhupp@novellnet.gensys.com>”
1995-12-25 (Mon, 25 Dec 1995 23:51:41 +0800) - Re: Only accepting e-mail from known parties - “Jeff Hupp” <jhupp@novellnet.gensys.com>