
Re: Only accepting e-mail from known parties



(No, this is not Jonathan Blake; see .sig below :)

Jonathan Blake <[email protected]> writes:
> 	When I get the bugs out of the procmail script I'm
> 	writing, to accomplish this, I'll send it to you.

I'd be very interested. I may even use it, if it works. :)
I like Adam Shostak's suggestion regarding caching hashes of signed
portions of incoming e-mail.
If the filter is going to keep track of e-mail history, then another possible
useful feature would be to limit the number of e-mails accepted from a given
party (even distinct). "Your mail is being returned to you because you're
only authorized to send 10 e-mails here in a 24-hour period". Heh.

> 	However, won't most messages have the name of the intended
> 	recipient inside the PGP signature lines?

Not necessarily. Most e-mails say something like "Dear Alice," but not all.
I wish the important headers were included in the signed portion.

Here's another variant of the same attack:

Bob sends Alice a PGP-signed e-mail. Alice posts a Usenet forgery, making
it look like it came from Bob, and using the same PGP-signed body.

> > Alice _may_ notice that the _Received:_ headers are weird, but this
> > forgery will certainly pass through a script that checks signatures.
>
> 	I'll have to give this some thought.  Have the script
> 	match the from id, with the message id.  << Not sure
> 	how I can do this one, yet.  >>

It's a piece of cake to forge the message-id to match the forged "From:".
In fact, I'll do just that in this article, and I bet it'll take me
less than a minute. Besides, your message-id doesn't match your host. :)

I'm off to teach C++ now. (Yes, on Xmas)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
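
Added example, not part of the original post: the two filter features discussed above (a cache of hashes of signed text, which catches a signed body replayed under forged headers, and the 10-per-24-hours sender limit) in Python. It assumes the PGP signature was already verified upstream and yielded a signer ID; `MailGate`, `normalize`, `demo` and the sample message are hypothetical names and constructed data.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # the 24-hour period from the post
MAX_PER_WINDOW = 10             # the 10-message limit from the post


def normalize(signed_text: str) -> bytes:
    """Canonicalize line endings and trailing whitespace before hashing, so a
    copy with altered line endings or trailing spaces still hashes the same."""
    lines = [ln.rstrip() for ln in signed_text.replace("\r\n", "\n").split("\n")]
    return "\n".join(lines).strip("\n").encode("utf-8")


class MailGate:
    """Hypothetical filter state: replay cache plus per-signer rate limit.

    Assumption: signature verification happened upstream and produced
    signer_id (e.g. a key ID). This class does no cryptography itself.
    """

    def __init__(self):
        self.seen = set()                   # hashes of signed text already accepted
        self.history = defaultdict(deque)   # signer_id -> accept timestamps

    def check(self, signer_id: str, signed_text: str, now: float) -> str:
        digest = hashlib.sha256(normalize(signed_text)).hexdigest()
        if digest in self.seen:
            # Same signed body seen before: headers are not signed, so this
            # is the only evidence that the message is a re-send.
            return "reject: replayed signed body"
        times = self.history[signer_id]
        while times and now - times[0] >= WINDOW_SECONDS:
            times.popleft()                 # drop entries outside the window
        if len(times) >= MAX_PER_WINDOW:
            return "reject: rate limit"     # applies even to distinct messages
        self.seen.add(digest)
        times.append(now)
        return "accept"


def demo():
    # Constructed sample: Bob's signed text arrives, then the identical signed
    # text arrives again (CRLF line endings, as if relayed under new headers).
    gate = MailGate()
    body = "Dear Alice,\nlunch on Friday?\n"
    first = gate.check("bob-key", body, now=0.0)
    replay = gate.check("bob-key", body.replace("\n", "\r\n"), now=60.0)
    return first, replay
```

The replay cache only flags a second arrival at the same filter; it cannot tell the recipient that a signed body posted elsewhere under a forged "From:" is a re-use.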