[4200] in WWW Security List Archive
Re: Re[2]: Return Receipts and Security
daemon@ATHENA.MIT.EDU (Mary Ellen Zurko)
Thu Jan 30 10:19:08 1997
To: Pat_Noziska@gatekeeper.atlas.com
cc: dwm@xpasc.com, www-security@ns2.rutgers.edu, zurko@opengroup.org
In-reply-to: Your message of "Thu, 30 Jan 1997 01:08:17 EST."
<9701308546.AA854615170@smtplink>
Date: Thu, 30 Jan 1997 08:15:42 -0500
From: Mary Ellen Zurko <zurko@opengroup.org>
Errors-To: owner-www-security@ns2.rutgers.edu
>
>
> Point well taken, but I would contend that your assessment falls under the
> umbrella of privacy.
[in particular responding to ...]
> Beyond that, I would think a receipt would be a kind of probe response
> which would reveal information about the recipient's current activity
> with the system. Since we don't know anything more about your actual
> implementation design, its hard to be sure, but consider:
>
Probing attacks have long been considered an aspect of security
(confidentiality). For example, MLS systems won't tell you that you're
"not allowed" access to a file at a higher level than you; they'll tell
you "it's not there." The theory being that you could get information
you're not allowed (by the system's security policy) from knowing
the existence of particular file names.
This is also the basis of many secure systems poor and uninformative
error messages. Never know when giving error information might breach
system policy.
Mez
