Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP Path: utzoo!watmath!clyde!burl!hou3c!Ellis@YALE.ARPA From: Ellis@YALE.ARPA (John R Ellis) Newsgroups: net.mail.headers Subject: Re: user-editable mail headers Message-ID: <8408191851.AA10995@YALE-BULLDOG.YALE.ARPA> Date: Sun, 19-Aug-84 14:37:02 EDT Article-I.D.: hou3c.765 Posted: Sun Aug 19 14:37:02 1984 Date-Received: Tue, 21-Aug-84 00:36:53 EDT Sender: ka@hou3c.UUCP (Kenneth Almquist) Lines: 29 To: Mark CrispinCc: steve@BRL-BMD.ARPA, header-people@MIT-MC.ARPA In-Reply-To: Mark Crispin , Sun 19 Aug 84 10:46:52-PDT Personally, I believe that security against forged mail is a fantasy. The best you can do is validate that a message clearly came from such- and-such a host, or for locally-originated mail, that a message was composed by a certain user. It's quite easy to do much better than this for local networks, using standard operating systems like TOPS-20 and Unix. At Yale, our Chaosnet implementation provides a server with the user id and host of the program at the other end of the connection. The operating systems provide this information; user-state programs cannot forge it. (It isn't hard to modify TOPS-20 and Unix implementations of Chaosnet to provide this capability.) Thus our mail system knows reliably who sent local-network mail. Of course, if someone broke into the operating systems, they could forge the mail. So what? Computer people often talk about "security" as if it were an all-or-nothing proposition. But as in the physical world, there are varying degrees of computer security, depending on how much the security is worth to you. Show me a particular computer security method, and I'll show you a (possibly very expensive) way to circumvent it (including non-electronic methods). Just as most of us prefer moderately secure locks on the doors of our homes in preference to no locks at all, most computer users would prefer protection against easy forgery rather than no protection at all. I was once told the government's sensible definition of security: Make it more expensive for the spies to break security of your particular system than it would cost them to achieve their goals by some other means. -------