Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP
Path: utzoo!watmath!clyde!burl!hou3c!RSX-DEV@DEC-MARLBORO.ARPA
From: RSX-DEV@DEC-MARLBORO.ARPA (John R. Covert)
Newsgroups: net.mail.headers
Subject: Re: SMTP and authentication
Message-ID: <384@hou3c.UUCP>
Date: Tue, 6-Mar-84 19:07:00 EST
Article-I.D.: hou3c.384
Posted: Tue Mar  6 19:07:00 1984
Date-Received: Wed, 7-Mar-84 06:44:32 EST
Sender: ka@hou3c.UUCP (Kenneth Almquist)
Lines: 18
To: MRC@SU-SCORE, Header-People@MIT-MC
Enet-Address: "Castor::Covert"
Phone: "(603) 884-8271 or DTN 264-8271"
Uucp-Address: "{ucbvax,allegra,decvax}!decwrl!rhea!castor!covert"
Regarding: Message from Mark Crispin  of 6-Mar-84 1656-EST

Authentication does not exist without encryption (because without
encryption you can hack the authentication).

I'm amazed that people who are concerned about authentication think
that following up a message with a TWX or Telex involves any more
authentication!

A TWX or Telex can be hacked just as easily as netmail!  All it takes
is changing the answerback.

When people worry about authentication in netmail, my usual reply is
"Anyone can throw a letter into the Postal Service with any return
address they want, as well as a forged signature."

No unencrypted mail system has authentication.

/john
   --------