Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP Path: utzoo!watmath!clyde!burl!hou3c!Rudy.Nedved@CMU-CS-A.ARPA From: Rudy.Nedved@CMU-CS-A.ARPA Newsgroups: net.mail.headers Subject: Re: SMTP and authentication Message-ID: <06Mar84.184902.EN0C@CMU-CS-A> Date: Tue, 6-Mar-84 18:49:00 EST Article-I.D.: hou3c.390 Posted: Tue Mar 6 18:49:00 1984 Date-Received: Wed, 7-Mar-84 08:33:37 EST Sender: ka@hou3c.UUCP (Kenneth Almquist) Lines: 15 To: Mark CrispinCc: Header-People@MIT-MC In-Reply-To: "Mark Crispin's message of 6 Mar 84 16:57-EST" Mark, Can't you use semi-secret "public" key encryption to validate the sender? The semi-secret parts comes from the fact that you can't set up in any enviroment by the points you mentioned (insecure networks and hosts) a authentication server without the potential for forgery of it....but you can have users type in magic numbers at both ends and have the mail authenticated....the magic numbers are sent by "secure" courier...a guy with a handcuffed briefcase. This is one the issues CMU CS/RI systems staff is suppose to solve ASAP....probably after we get the user names and host names "addressing" issues solved. -Rudy