Great Circle Associates Firewalls
(March 1994)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Authentication of e-mail
From: "Mark R. Ludwig" <Mark-Ludwig @ uai . com>
Date: Mon, 07 Mar 1994 11:18:28 -0800
To: firewalls @ greatcircle . com
In-reply-to: <199403071506 . HAA21333 @ mail . netcom . com> from "Nobody Special" on Mon, 07 Mar 1994 07:06:00 PST.

I once thought it was silly that e-mail is so easily forged.  Then
someone pointed out to me how easily one can forge _physical_ mail --
the kind delivered five or six days a week by someone working for a
(quasi-)government entity and wearing a uniform.

It is utterly futile to put any effort into trying to authenticate the
sender of RFC 821 mail.  It just doesn't make any sense, because there
is no basis in the underlying protocols to authenticate anything.  One
can improve on the current zero authentication of e-mail by using a
public-key encryption system.  How much it improves depends on your
point of view, as does whether it's worth all the trouble.  It all
operates way far above RFC 821 and friends.

What does it mean when you get mail from someone you don't know?  Why
do you care who _really_ sent it?  What would you do differently based
on the sender?

Did you notice that I didn't specify electronic or physical mail?

When you answer these questions, you might realize that it's rarely
important to know precisely who sent a piece of mail, physical or
electronic.  For those times when it really is important, you might
also realize that (at least today) you probably cannot complete the
transaction electronically anyway.$$
INET: Mark-Ludwig @
 UAI .
 COM         NIC: ML255        ICBM: USA; Lower Left Coast
      "You can't brew beer out of genetically-cultivated barley; they've
        bred the 'buzz' out of it.  I've tried."  -- UEO Chief Bickle

Indexed By Date Previous: Re: IP_FORWARDING
From: Bill Gianopoulos <wag @ sccux1 . msd . ray . com>
Next: email workgroup for rfc 821/822/1123 modification
From: "Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Indexed By Thread Previous: don't *bother* flaming about mail fakery
From: Nobody Special <user01 @ arpa . com>
Next: Re: Authentication of e-mail
From: doug @ seas . smu . edu (Doug Davis)

Search Internet Search