Xref: utzoo news.sysadmin:3107 comp.mail.uucp:4809 Path: utzoo!utgpu!news-server.csri.toronto.edu!math.lsa.umich.edu!zaphod.mps.ohio-state.edu!rpi!dali.cs.montana.edu!milton!uw-beaver!sumax!halcyon!ralphs From: ralphs@halcyon.wa.com (Ralph Sims) Newsgroups: news.sysadmin,comp.mail.uucp Subject: Re: Passing proprietary messages through competitors or other sites Message-ID: Date: 24 Jul 90 00:51:45 GMT References: <1990Jul23.062802.21270@EE.Surrey.Ac.UK> Organization: The 23:00 News Lines: 36 celvin@EE.Surrey.Ac.UK (Chris Elvin) writes: > In article <716@logicon.com> Makey@Logicon.COM (Jeff Makey) writes: >>In article <11613@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes: >>>On many sites it can be read by ordinary users while parked there in >>>transit. >>On many sites in-transit mail can be *modified* by ordinary users, >>too. It's time to start encrypting mail, I guess. > Encryption of mail won't stop users modifying it, just stop them making sense > of it. How is the encryption key passed? Good point to Part A, and for Part B: one form would be to use a 'scramble' of the message id number. This is unique from message to message, as far as I can tell. One means would be to swap the first and last two characters and increment the ascii code of everything in between by one, etc. Taking a CRC of the message id and adding your birthdate, etc. There's any number of schemes. > I use a 3/280 for ALL external network traffic, mail routing etc. NO user > has access to this machine. In-transit mail is more vulnerable than stored mail, I'd think. An unscrupulous organization could set themselves up as a host ("We'll forward ALL your mail for you--on OUR dime") and copy every bit of mail that passes through. Needless to say, this could be embarassing, expensive, etc. to the sender/recipient. The best defense is NOT to pass sensitive data via a 'public' network. Maybe this is a discussion for alt.security, and related groups. -- Of all the things I've lost, I miss my mind the most...