From: dps@kafka.atinc.com (Doug Shapter)
It's my understanding that to be truly useful on multi-user systems, digital signatures require some user input (e.g., PGP requires entering a pass phrase).
Not really. The system I was sketching out would not require the user to enter any information at all; the sendmail daemon would handle everything and have the key for that mail server held internally. The purpose would not be to say that "User X" did or did not sign a message, but to say _with reasonable assurance_ that the message either came from someone logged in as userx@foo.com (there are other alternatives, like the mail server being hacked, etc.) The purpose of such a system would not be to link mail messages to any real person or identity, but to link it to an account on the sending host (and mostly to link it to the sending host.)

Thus someone who just did a telnet to port 25 and forged off a mail message would not be able to generate the necessary site signature to pull off the charade unless they managed to actually hack _into_ the mail server. Bouncing messages off an SMTP port would no longer be enough to work.

In actual practice the keys would not need to be monstrously huge and one could probably get by with a public key small enough to fit into a TXT record in the DNS system. It would be easier to break into the system than crack a 512-bit key...

The mail system would not be signing the messages for you, it would just do a hash of a few choice lines from the header and sign those with the mail system key. It would not try to say that any particular person sent a mail message but would instead say "to the best of my knowledge this message came from my system and was sent by someone accessing account userx" and no more. This would probably be enough to cut mail forgery through SMTP by 90% among sites using the system.

jim
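
The scheme sketched in the message above, as an added example that is not part of the original post: the sending daemon hashes a few header lines and signs the hash with a site key, and the receiver checks it against a public key published in a TXT record. The header name X-Site-Signature, the TXT record layout, the choice of signed headers and the in-memory DNS table are all assumptions, and the key is a toy textbook-RSA key built from two well-known Mersenne primes, standing in for a real signature scheme.

```python
import hashlib

# Toy site key (constructed): textbook RSA over two known Mersenne primes.
# Trivially factorable and unpadded; a stand-in for a real signature scheme.
P, Q = 2**521 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the mail server

# Assumed choice for the "few choice lines from the header".
SIGNED_HEADERS = ("from", "date", "message-id")

# Constructed stand-in for DNS: sending host -> TXT record with the public key.
DNS_TXT = {"foo.com": f"n={N:x}; e={E:x}"}

def header_digest(headers):
    """Hash the selected header lines in a fixed order, whitespace-trimmed."""
    h = hashlib.sha256()
    for name in SIGNED_HEADERS:
        h.update(f"{name}:{headers.get(name, '').strip()}\r\n".encode())
    return int.from_bytes(h.digest(), "big")

def site_sign(headers):
    """Sending daemon: attach the site signature (header name is hypothetical)."""
    signed = dict(headers)
    signed["x-site-signature"] = f"{pow(header_digest(headers), D, N):x}"
    return signed

def site_verify(headers):
    """Receiver: fetch the sending host's key from TXT and check the signature."""
    host = headers.get("from", "").rsplit("@", 1)[-1]
    record, sig_hex = DNS_TXT.get(host), headers.get("x-site-signature")
    if record is None or sig_hex is None:
        return False  # unknown site, or no signature at all
    fields = dict(f.strip().split("=", 1) for f in record.split(";"))
    try:
        n, e, sig = int(fields["n"], 16), int(fields["e"], 16), int(sig_hex, 16)
    except (KeyError, ValueError):
        return False  # malformed record or signature
    return pow(sig, e, n) == header_digest(headers)

# Constructed sample message headers.
MSG = {"from": "userx@foo.com", "date": "Mon, 1 Jan 1996 12:00:00 -0500",
       "message-id": "<constructed-1@foo.com>"}
GENUINE = site_sign(MSG)                       # went through the site's daemon
FORGED = dict(MSG)                             # typed into port 25, no site key
RELABELLED = dict(GENUINE, **{"from": "root@foo.com"})  # signature reused, sender changed
```

As in the message, a valid signature here ties the headers to the sending host's key and the account it names, not to a person.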