Only accepting e-mail from known parties
Jeff Hupp
jhupp at novellnet.gensys.com
Mon Dec 25 07:51:41 PST 1995
On 25 Dec 95 at 7:45, Dr. Dimitri Vulis wrote:
[much on a pgp based gateway filter for email]
:
: This is much better than nothing. This would stop the e-mail being
: sent to everyone who's ever posted to Usenet. I see a couple of attacks:
:
: 1. Alice only accepts signed e-mail from Bob. Carol receives a signed e-mail
: from Bob to Carol, sends 10,000 e-mails to Alice (via sendmail) with From: bob,
: same body+signature, possibly varying message-ids and subjects.
:
: 2. Alice only accepts signed e-mail from Bob. Carol, a rogue sysadmin,
: intercepts an e-mail from Bob to Alice, sends 10,000 more copies of it to Alice
: (via sendmail) with From: bob, possibly varying message-ids and subjects.
:
: As I keep pointing out, pgp-signing the body is not enough.
:
Keep checksums of signitures (or body text) for a week, duplicate
messages are routed to /dev/null.
--
JHupp at gensys.com |For PGP Public Key:
http://gensys.com |finger jhupp at gensys.com
You are lost in a maze of twisty little standards, all
different.
More information about the cypherpunks-legacy
mailing list