[1236] in WWW Security List Archive
Re: E-mail Address in WEB Browser
daemon@ATHENA.MIT.EDU (Brian W. Spolarich)
Thu Dec 14 13:08:03 1995
Date: Thu, 14 Dec 1995 10:12:58 -0500 (EDT)
From: "Brian W. Spolarich" <briansp@ans.net>
To: patw@aqmd.gov
cc: www-security@ns2.rutgers.edu
In-Reply-To: <vines.1gI8+XQsnkA@dbar7.aqmd.gov>
Errors-To: owner-www-security@ns2.rutgers.edu
| Date: Wed, 13 Dec 95 18:08:33 PST
| From: patw@aqmd.gov
| To: dittrich@cac.washington.edu
| Cc: www-security@ns2.rutgers.edu
| Subject: Re: E-mail Address in WEB Browser
|
| Sorry, I guess I did not make myself clear the first time. I want to know
| if there is a write-up or plan to make the E-mail address you put in the web
| browser more secure.
| For example, I can put somebody else's E-mail address (on the mail server I
| am using) in my Netscape Web browser, and visit some web site and send
| "mailto" messages under that assumed name. The mail would be sent to the
| "mailto" address as the person I have put in the E-Mail options
| of the Netscape browser.
This is not a new problem. Forging SMTP mail has always been
relatively trivial, although some work has been done to minimize the
problem, and add some basic accountability.
The answer is probably going to be digital signatures and other
public/private key technologies, which will allow one to effectively
"sign" a message, and allow others to verify that the message was indeed sent
by whoever the message claims sent it. It is assumed that only you possess
your private key, so any messages signed by your private key must have
been generated by you.
The implementation of such technologies requires the development of
certification authorities and public key repository schemes, which are
being actively developed. When these become available, and support for
these technologies and standards is implemented in ubiquitous
applications, the problems you are referring to will be considerably
minimized.
-brian
--
Brian W. Spolarich
briansp@ans.net
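
The following is an added illustration of the sign-and-verify scheme the reply describes; it is not part of the original message or of any mail software. Ed25519, the in-memory KeyRepo, the message layout and the example.org addresses are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Message is a simplified mail message; Sig covers From, To and Body.
type Message struct {
	From, To, Body string
	Sig            []byte
}

// KeyRepo stands in (assumption) for a public key repository.
type KeyRepo map[string]ed25519.PublicKey

// NewIdentity makes a key pair; a nil reader selects crypto/rand.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// canonical length-prefixes each field so From is bound unambiguously.
func canonical(m Message) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(m.From), m.From, len(m.To), m.To, len(m.Body), m.Body))
}

// Sign attaches a signature made with the sender's private key.
func Sign(m Message, priv ed25519.PrivateKey) Message {
	m.Sig = ed25519.Sign(priv, canonical(m))
	return m
}

// Verify uses the key registered for the claimed From, so a message
// signed with any other key, or with no key on file, is rejected.
func Verify(m Message, repo KeyRepo) bool {
	pub, ok := repo[m.From]
	return ok && ed25519.Verify(pub, canonical(m), m.Sig)
}

func main() {
	alicePub, alicePriv := NewIdentity()
	_, otherPriv := NewIdentity()
	repo := KeyRepo{"alice@example.org": alicePub} // constructed addresses
	m := Message{From: "alice@example.org", To: "bob@example.org", Body: "hi"}
	fmt.Println(Verify(Sign(m, alicePriv), repo), Verify(Sign(m, otherPriv), repo))
}
```

The From field alone proves nothing to the recipient; acceptance depends on the signature verifying under the public key the repository holds for that address.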