
Re: Only accepting e-mail from known parties



Dr. Dimitri Vulis wrote:

| I said, Carol can *forge* the RFC 822 header, so her e-mails look like they
| came from Bob, and use the body from Bob's authentic PGP-signed message.

	Yes, this is possible.  No, I'm not going to take the time to
write a fix now, but we both know it's not tough to prevent.

	Take the hash of the PGP signed message, use it to filter on.
I'll occasionally add text outside a signature (literally, a
postscript), so filtering out everything outside the signed text is a
bad idea.  You might get a few spams, but not hundreds.  It's tough to
ensure that mail always has an envelope that matches the key.  I still
use a key that says [email protected], but most of my mail is signed
with an [email protected] key.

	Cryptography can't solve social problems.  It can, however,
transform them into tougher problems for the anti-social.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
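
The hash-based filter suggested in the message above, sketched as an added example that is not part of the original post. It assumes the signature itself is verified separately by PGP, and that SHA-256 over the dash-unescaped clearsigned text serves as the filter key; `signed_text_digest`, `ReplayFilter` and the sample messages are constructed for illustration.

```python
import hashlib
import re

# Cleartext-signature framing (RFC 4880, section 7).
CLEARSIGN = re.compile(
    r"^-----BEGIN PGP SIGNED MESSAGE-----\r?\n"
    r"(?:[A-Za-z]+: [^\n]*\n)*"   # armor headers, e.g. "Hash: SHA256"
    r"\r?\n"                       # blank line ends the armor headers
    r"(?P<text>.*?)\r?\n"
    r"-----BEGIN PGP SIGNATURE-----",
    re.S | re.M,
)

def signed_text_digest(body):
    """SHA-256 of the canonical signed text, or None if no clearsigned block."""
    m = CLEARSIGN.search(body)
    if m is None:
        return None
    lines = []
    for line in m.group("text").splitlines():
        if line.startswith("- "):          # undo dash-escaping
            line = line[2:]
        lines.append(line.rstrip(" \t"))   # trailing whitespace is not signed
    return hashlib.sha256("\r\n".join(lines).encode("utf-8")).hexdigest()

class ReplayFilter:
    """Remembers digests of signed texts that were already delivered."""
    def __init__(self):
        self.seen = set()

    def classify(self, body):
        digest = signed_text_digest(body)
        if digest is None:
            return "unsigned"
        if digest in self.seen:
            return "replay"                # same signed body seen before
        self.seen.add(digest)
        return "new"

def clearsign_sample(text):
    # Constructed framing; the signature blob is a placeholder, not a real one.
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n" + text +
            "\n-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n")

SIGNED = clearsign_sample("Lunch at noon on Friday.")
BOB_ORIGINAL = "From: bob@example.org\n\n" + SIGNED
CAROL_COPY = "From: bob@example.org\n\nBUY NOW\n" + SIGNED + "P.S. more ads\n"  # forged header
BOB_SECOND = "From: bob@example.org\n\n" + clearsign_sample("Moved to 1pm.") + "P.S. sorry\n"
```

Only the signed text is hashed, so a postscript outside the signature neither changes the digest nor gets stripped from delivered mail.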