[1235] in WWW Security List Archive
Re: E-mail Address in WEB Browser
daemon@ATHENA.MIT.EDU (Jonathon Tidswell)
Thu Dec 14 02:43:48 1995
From: Jonathon Tidswell <t-jont@microsoft.com>
To: patw@aqmd.gov, www-security@ns2.rutgers.edu
Date: Thu, 14 Dec 95 16:09:07 TZ
Errors-To: owner-www-security@ns2.rutgers.edu
Message-ID: syd-02-msg951214061334MTP[01.51.00]000001a0-4001
----------
| From: <patw@aqmd.gov>
| Sorry, I guest I did not make my self clear the first time. I want to know
| if there are write up or plan to make the E-mail address you put in the web
| browser more secure.
| For example, I can put somebody-else E-mail address (on the mail server I
| am using) on my Netscape Web browser, and visit some web site and sent
| "mailto" messages under that assume name. The mail would be sent to the
| "mailto" address as the person I have put in the E-Mail options
| of the Netscape browser.
The solution to this problem is also very similar to the one used in
snail mail,
perhaps its something to to with *mail* systems.
The idea is that you include some identifying (and hard to forge)
information in the document.
This could be a wax seal, a hand written signature, a piece of code
based on a shared secret, references to previous shared secret (non
reusable :-).
In the electronic world you might want an electronic signature, however
you cant force me to sign my mail, the best you can do is reject/ignore
unsigned email.
- Jon Tidswell
Disclaimer: I think my thoughts are my own, and I believe my writings
are too.
