From: utzoo!decvax!steveg Newsgroups: net.followup Title: Re: CSNet opinions? Article-I.D.: decvax.253 Posted: Fri Jul 2 23:47:50 1982 Received: Sat Jul 3 06:27:35 1982 References: cbosgd.2427 The CSnet people mention the following security problem (to which they openly solicit any solutions): CSnet will have name-server nodes to which one can send mail and query about identities and correct addresses of people on the net. Eventually it should be posssible to be able to send (phase III) to people by misspelled names, or description (e.g. that proff at uwisc into broad-band). The problem is that it becomes fairly trivial for some "Snidely Whiplash" character to enter descriptions in the database to make himself look like (or misspelled like) someone else whose confidential mail he wishes to steal. Naturally, one should only use "absolute" addressing for the most confidential material. But in the ultimate security sense (security people frequently go this far) one can never be sure that a particular name really goes with a person unless you physically meet them and they tell you their address. (even so can you really be sure it is not an imposter?). Slowly paralyzing paranoia creeps in..... - Steven Gutfreund