Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP Path: utzoo!watmath!clyde!burl!hou3c!Margulies@CISL-SERVICE-MULTICS.ARPA From: Margulies@CISL-SERVICE-MULTICS.ARPA ("Benson I. Margulies") Newsgroups: net.mail.headers Subject: Authentication Message-ID: <840307010738.841199@CISL-SERVICE-MULTICS.ARPA> Date: Tue, 6-Mar-84 20:07:00 EST Article-I.D.: hou3c.388 Posted: Tue Mar 6 20:07:00 1984 Date-Received: Wed, 7-Mar-84 06:45:32 EST Sender: ka@hou3c.UUCP (Kenneth Almquist) Lines: 18 To: header-people@MIT-MC.ARPA I disagree with Mr. Covert. Given the assumption that the net gives me trustworthy informatio on the source host of mail (which the ARPAnet can), and knowledge of the security characteristics of the hosts on the net, authentication is available. Consider two Multics systems on ARPA. The sending system software that installs the source name in the envelope is trusted code. The recieving server can validate that the IMP leader/IP header specify the address of a directly connected trusted mail host, and copy the envelope source user name into the appropriate Sender field. Voila! We maintain the envelope data in trusted code so that even local mail has authenticated sources. Over an unreliable communications medium, where you cannot perform HOST level authentication, mr. covert is correct. only encryption will do.