Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP
Path: utzoo!watmath!clyde!burl!hou3c!Rudy.Nedved@CMU-CS-A.ARPA
From: Rudy.Nedved@CMU-CS-A.ARPA
Newsgroups: net.mail.headers
Subject: Re: SMTP and authentication
Message-ID: <06Mar84.184902.EN0C@CMU-CS-A>
Date: Tue, 6-Mar-84 18:49:00 EST
Article-I.D.: hou3c.390
Posted: Tue Mar  6 18:49:00 1984
Date-Received: Wed, 7-Mar-84 08:33:37 EST
Sender: ka@hou3c.UUCP (Kenneth Almquist)
Lines: 15
To: Mark Crispin 
Cc: Header-People@MIT-MC
In-Reply-To: "Mark Crispin's message of 6 Mar 84 16:57-EST"

Mark,

Can't you use semi-secret "public" key encryption to validate the
sender? The semi-secret parts comes from the fact that you can't
set up in any enviroment by the points you mentioned (insecure
networks and hosts) a authentication server without the potential
for forgery of it....but you can have users type in magic numbers
at both ends and have the mail authenticated....the magic numbers
are sent by "secure" courier...a guy with a handcuffed briefcase.

This is one the issues CMU CS/RI systems staff is suppose to
solve ASAP....probably after we get the user names and host
names "addressing" issues solved.

-Rudy