Only accepting e-mail from known parties
Adam Shostack
adam at lighthouse.homeport.org
Mon Dec 25 10:20:32 PST 1995
Dr. Dimitri Vulis wrote:
| I said, Carol can *forge* the RFC 822 header, so her e-mails look like they
| came from Bob, and use the body from Bob's authentic PGP-signed message.
Yes, this is possible. No, I'm not going to take the time to
write a fix now, but, we both know its not tough to prevent.
Take the hash of the pgp signed message, use it to filter on.
I'll occaisonally add text outside a signature (literally, a
postscript), so filtering out everything outside the signed text is a
bad idea. You might get a few spams, but not hundreds. Its tough to
ensure that mail always has an envelope that matches the key. I still
use a key that say adam at bwh.harvard.edu, but most of my mail is signed
with an adam at homeport.org key.
Cryptography can't solve social problems. It can, however,
transform them into tougher problems for the anti-social.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
More information about the cypherpunks-legacy
mailing list