Re: Only accepting e-mail from known parties
On 25 Dec 95 at 7:45, Dr. Dimitri Vulis wrote:

[much on a pgp based gateway filter for email]

:
: This is much better than nothing. This would stop the e-mail being
: sent to everyone who's ever posted to Usenet. I see a couple of attacks:
:
: 1. Alice only accepts signed e-mail from Bob. Carol receives a signed e-mail
: from Bob to Carol, sends 10,000 e-mails to Alice (via sendmail) with From: bob,
: same body+signature, possibly varying message-ids and subjects.
:
: 2. Alice only accepts signed e-mail from Bob. Carol, a rogue sysadmin,
: intercepts an e-mail from Bob to Alice, sends 10,000 more copies of it to Alice
: (via sendmail) with From: bob, possibly varying message-ids and subjects.
:
: As I keep pointing out, pgp-signing the body is not enough.
:

Keep checksums of signatures (or body text) for a week; duplicate messages are routed to /dev/null.

--
JHupp@gensys.com |For PGP Public Key:
http://gensys.com |finger jhupp@gensys.com
You are lost in a maze of twisty little standards, all different.
participants (1)
-
Jeff Hupp
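
The duplicate filter suggested in the reply, sketched as an added example (not code from the original post or from either participant). It assumes single-part messages carrying an ASCII-armored PGP signature block; the class name, addresses and sample messages are constructed for illustration.

```python
import hashlib
import re
from email import message_from_string

WEEK = 7 * 24 * 3600  # retention window named in the reply: one week

SIG_RE = re.compile(
    r"-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----", re.S)

class ReplayFilter:
    """Hypothetical gateway stage: drop mail whose signature was already seen."""

    def __init__(self, ttl=WEEK):
        self.ttl = ttl
        self.seen = {}  # digest -> time the signature was first seen

    @staticmethod
    def digest(raw):
        # Headers (From, Subject, Message-ID) are ignored on purpose:
        # they are not covered by the signature and can vary per copy.
        body = message_from_string(raw).get_payload()
        m = SIG_RE.search(body)
        material = m.group(0) if m else body  # fall back to the body text
        norm = "\n".join(l.rstrip() for l in material.strip().splitlines())
        return hashlib.sha256(norm.encode()).hexdigest()

    def accept(self, raw, now):
        # Expire entries older than the retention window, then check.
        self.seen = {d: t for d, t in self.seen.items() if now - t < self.ttl}
        d = self.digest(raw)
        if d in self.seen:
            return False  # duplicate: the post's "/dev/null" case
        self.seen[d] = now
        return True

def sample(msg_id, subject, sig="iQCVconstructedSignatureData"):
    # Constructed message; the signature text is a placeholder, not real PGP.
    return (f"From: bob@example.org\nTo: alice@example.org\n"
            f"Message-ID: <{msg_id}@example.org>\nSubject: {subject}\n\n"
            "-----BEGIN PGP SIGNED MESSAGE-----\n\nLunch at noon?\n"
            f"-----BEGIN PGP SIGNATURE-----\n\n{sig}\n"
            "-----END PGP SIGNATURE-----\n")
```

The cache only remembers a signature for the retention window, so the gateway also needs a limit on how old a signed message may be before it is accepted.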