[5452] in cryptography@c2.net mail archive
Re: message-signing at the MTA level
daemon@ATHENA.MIT.EDU (Russell Nelson)
Mon Aug 23 00:00:05 1999
From: Russell Nelson <nelson@crynwr.com>
Date: Sun, 22 Aug 1999 21:58:22 -0400 (EDT)
To: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@c2.net
In-Reply-To: <4.1.19990822214353.00b87c60@127.0.0.1>

Greg Rose writes:
> At 22:09 21/08/1999 -0400, Russell Nelson wrote:
> >I've been thinking about cryptographic signing of messages at the mail
> >transfer agent level. I can think of how to do it, but I'm not sure
> >what problem it solves. :) Anyone have any ideas?
>
> Signing messages at the MTA level solves no problem at all unless there's a
> widely deployed PKI.

Because of man in the middle attacks? You could supply a public key
in the SMTP server banner, but that doesn't help if someone is fudging
things in the middle. Encryption would help, though, wouldn't it? Of
course, you've got a nasty bit of known plaintext right at the
beginning: "Received:"

Actually, if your sole threat model is "telnet mail.example.com 25",
then *any* kind of crypto helps. :) And if I go down in history for
any quote at all, it should be: "Crypto without a threat model is like
cookies without milk."
--
-russ nelson <nelson@crynwr.com> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!