Firewalls: RE: Re[2]: SMTP mail spoofing

Firewalls
(June 1994)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Re[2]: SMTP mail spoofing
From:	dcrocker @ mordor . stanford . edu (Dave Crocker)
Date:	Mon, 27 Jun 1994 23:14:10 -0700
To:	dsmith @ isc . nva . ge . com
Cc:	Firewalls @ greatcircle . com

At 8:56 PM 6/27/94, dsmith @
 isc .
 nva .
 ge .
 com wrote:
>>>     If you really need to know about your mail delivery you need X.400.
...
>>This is wrong.
>Not according to what you write below -- the capabilities are similar.
>The difference is
>the RSA that is used in X.400/X.500 (X.500 primarily).

1. You stated that THE choice was x.400.  The gist of my response was
exactly that the spec'd services of smtp-etc. and x.400 are similar.
Hence, it ain't so obvious that 'you need x.400'.  From the general specs,
they're pretty similar.  But then, specs are one thing and mature end-user
services are another.

2. RSA is common to all the privacy/authentication schemes, I believe.  It
certainly is at the core of PEM, RIPEM and PGP.

>Here you are talking about apples and something else.  What a mail system
>offers
>depends on what you ask it to do.

I'm confused by your response.  At one level, your comment is of course a
tautology.  At another level, my own response is that what a mail system
offers depends on what is IMPLEMENTED and USED, not just what is spec'd.
Hence, the critical point for making an operational choice -- especially
one that is mission critical -- is to look at real implementations, real
operations experience and real user experience.  That is, ask about
operational maturity.  Almost anything can be made to work in small scale;
a major lesson of the Internet is to look for the ability to field on a
large (and diverse) scale.

>We use a lot of the X.400 security for our customers.   We delivery
>turnkey mail systems
>among other security related things.

oh good.  perhaps you can help me/us to understand usage statistics for
x.400 and these features, including a sense of the permeation of
'interesting' email features.  (For example, PEM is official; PGP is not.
I have not numbers but suspect that PGP is in great use.  However, NONE of
the Internet stuff is wide spread.  Not even close.)  Can you provide any
sort of detailed insight to X.400 usage (sites, users, traffic,
feature-exercise...)?

Dave

+1 408 246 8253  (fax:  +1 408 249 6205)

Indexed By Date	Previous:	WWW Page for Security Information... From: Rodney Campbell <rodney @ cssc-syd . tansu . com . au>
Indexed By Date	Next:	FireWall Vendor List ERROR From: Florian Gutzwiller <Florian . Gutzwiller @ open . ch>
Indexed By Thread	Previous:	Re: Re[2]: SMTP mail spoofing From: Frederick M Avolio <avolio @ tis . com>
Indexed By Thread	Next:	SMTP mail spoofing From: "Perry E. Metzger" <perry @ imsi . com>