From: utzoo!decvax!steveg
Newsgroups: net.followup
Title: Re: CSNet opinions?
Article-I.D.: decvax.253
Posted: Fri Jul  2 23:47:50 1982
Received: Sat Jul  3 06:27:35 1982
References: cbosgd.2427

The CSnet people mention the following security problem (to which
they openly solicit any solutions):

CSnet will have name-server nodes to which one can send mail and
query about identities and correct addresses of people on the net.
Eventually it should be posssible to be able to send (phase III)
to people by misspelled names, or description (e.g. that proff
at uwisc into broad-band).

The problem is that it becomes fairly trivial for some "Snidely
Whiplash" character to enter descriptions in the database to
make himself look like (or misspelled like) someone else whose
confidential mail he wishes to steal. 

Naturally, one should only use "absolute" addressing for the most
confidential material. But in the ultimate security sense (security
people frequently go this far) one can never be sure that a particular
name really goes with a person unless you physically meet them and
they tell you their address. (even so can you really be sure it is
not an imposter?).

Slowly paralyzing paranoia creeps in.....

				- Steven Gutfreund