Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP
Path: utzoo!watmath!clyde!burl!hou3c!Margulies@CISL-SERVICE-MULTICS.ARPA
From: Margulies@CISL-SERVICE-MULTICS.ARPA ("Benson I. Margulies")
Newsgroups: net.mail.headers
Subject: Authentication
Message-ID: <840307010738.841199@CISL-SERVICE-MULTICS.ARPA>
Date: Tue, 6-Mar-84 20:07:00 EST
Article-I.D.: hou3c.388
Posted: Tue Mar  6 20:07:00 1984
Date-Received: Wed, 7-Mar-84 06:45:32 EST
Sender: ka@hou3c.UUCP (Kenneth Almquist)
Lines: 18
To: header-people@MIT-MC.ARPA

I disagree with Mr.  Covert.

Given the assumption that the net gives me trustworthy informatio on the
source host of mail (which the ARPAnet can), and knowledge of the
security characteristics of the hosts on the net, authentication is
available.

Consider two Multics systems on ARPA.  The sending system software that
installs the source name in the envelope is trusted code.

The recieving server can validate that the IMP leader/IP header specify
the address of a directly connected trusted mail host, and copy the
envelope source user name into the appropriate Sender field.  Voila!  We
maintain the envelope data in trusted code so that even local mail has
authenticated sources.

Over an unreliable communications medium, where you cannot perform HOST
level authentication, mr.  covert is correct.  only encryption will do.