headers
Keith Moore | 1 Dec 1995 02:31
Picon

Re: Secure EMail, How?

> How can I send and receive email securely without any end user
> complexity? 

Unfortunately, that's sort of like asking how to make pigs fly.

First of all, what do you mean by "secure"?  Whom do you trust
not to snoop on your data or try to change it as it goes by?
The Internet? (probably not)  Your local network?  The local 
network at the other end of the connection?  You have to evaluate
your level of trust for every element in the path that handles
unencrypted data.

Do you trust the user's PC?  How do you make sure nobody else is
using it?  How do you make sure that nobody has modified the 
software on it, (either directly or due to infection by some virus)
to compromise the encryption program or the encrypted data?
(this is equivalent to asking "How do you stop users from installing
ANY outside software on their PCs?")

How do you know the user is who he says he is?  Do you store a
secret on a file on his disk that the user must possess before
you believe him?  How do you keep someone else with access to 
that PC (or a virus writer) from getting that secret or changing
it so that the user cannot access his bank account?  What happens
if the user's files (containing this secret) get copied to some 
other machine?

If you store the secrets or the encryption software on a file 
server, how does the PC authenticate itself to the file server?
(And how does the file server authenticate itself to the PC?)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Harald.T.Alvestrand | 1 Dec 1995 09:43
Picon
Picon

Re: Secure EMail, How?

YOu can't do it without SOME end-user complexity.
The user needs at least to be aware of who he is and who the
recipient is.
The systems manager needs to be aware of a good deal more than that.

Keywords are:
- PGP
- MOSS (PEM)
- Certificates
- Chains of trust
- Keyservers
- Secure password storage
- Trusted binaries
- Trusted local environment

If you don't know what security you are aiming for, deploying encrypted
E-mail is rather useless.

        Harald A
From majordomo <at> singnet.com.sg Tue Dec  5 17:36:54 1995
Received: from dimacs.rutgers.edu (root <at> dimacs.rutgers.edu [128.6.75.16]) by list.cren.net
(8.6.12/8.6.12) with ESMTP id RAA01850 for <ietf-smtp <at> list.cren.net>; Tue, 5 Dec 1995 17:36:01 -0500
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by dimacs.rutgers.edu
(8.6.12+bestmx+oldruq+newsunq+grosshack/8.6.12) with ESMTP id RAA17045 for
<ietf-smtp <at> dimacs.rutgers.edu>; Tue, 5 Dec 1995 17:35:56 -0500
Received: from lantana.singnet.com.sg by relay2.UU.NET with SMTP 
	id QQzsvy26745; Tue, 5 Dec 1995 17:35:49 -0500 (EST)
Received: (from news <at> localhost) by lantana.singnet.com.sg (8.6.12/8.6.9) id GAA10671; Wed, 6 Dec 1995
06:35:46 +0800
To: info-ietf-smtp <at> uunet.uu.net
(Continue reading)

Permalink | Reply | 0 comments |
headers
Lindsay | 14 Dec 1995 02:10
Picon

Using SMTP to receive mail

Hi everyone - I subscribed to this list in the hope that I could ask questions like this here.
If I am wrong, please correct me!

Anyway, I am writing a email client, and I have noticed that some ISP's (e.g. Demon Internet, UK) do not
provided pop servers, but deliver thier mail with SMTP to the mail clients.

Can anyone tell me how the mail clients read the mail using SMTP?

Thanks - Linz.
---------------------------------------------
Lindsay Mathieson, a Kiwi in Brisbane, Australia, Using MailCat for Win32 Beta Vs b2.00
For best results, use SET BUGS=OFF
Permalink | Reply | 0 comments |
headers
Internet-Drafts | 14 Dec 1995 15:49
Picon
Picon

I-D ACTION:draft-myers-smtp-mrep-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.                                                               

       Title     : The SMTP MREP extension command                         
       Author(s) : J. Myers
       Filename  : draft-myers-smtp-mrep-00.txt
       Pages     : 7
       Date      : 12/13/1995

SMTP [SMTP] [HOST-REQ] and its service extensions [ESMTP] provide a 
mechanism for transferring mail reliably and efficiently.  The design of 
the SMTP protocol effectively requires the receiver-SMTP to manage a mail 
delivery queue.                

In some limited circumstances, outside the area of mail exchange between 
independent hosts on public networks, it is desirable to implement a system
where a mail receiver does not manage a queue. This document describes an 
extension command which modifies the SMTP protocol to accommodate this 
situation.                                                

This extension is one which should be used only by specific prior 
arrangement and configuration.  Its use by a sender-SMTP should not be 
triggered by availability, therefore the extension is not given 
an ESMTP EHLO keyword.  

Internet-Drafts are available by anonymous FTP.  Login with the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
     "get draft-myers-smtp-mrep-00.txt".
A URL for the Internet-Draft is:
(Continue reading)

Permalink | Reply | 0 comments |

Gmane