Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!usc!wuarchive!udel!haven!decuac!bacchus.pa.dec.com!hollie.rdg.dec.com!jch
From: jch@dyfed.rdg.dec.com (John Haxby)
Newsgroups: mail.uk-sendmail-workers,comp.mail.sendmail
Subject: Re: Forging messages
Message-ID: <1990Nov7.160856.6365@hollie.rdg.dec.com>
Date: 7 Nov 90 16:08:56 GMT
References: <25249.9011061356@expya.cs.exeter.ac.uk> <1990Nov6.234722.8580@mp.cs.niu.edu>
Sender: news@hollie.rdg.dec.com (USENET News System)
Reply-To: jch@dyfed.rdg.dec.com (John Haxby)
Organization: Digital Equipment Corporation
Lines: 20


Proof against forging is somewhat difficult with sendmail --
the best way is to use encryption, preferably double public
key encryption (you know, the thing whereby you encrypt with
your own private key and then the intended recipients public
key and the recipient uses your public key and his private
key to decrypt the message).  X.400 '88 has the infra-structure
to support secure mail and digital signatures, proof of posting
and all that junk.

The only snag with all of this is that it relies rather heavily
on public key or private key encryption and both forms can be
cracked open with sufficient mips -- people have be factoring
products of large primes for a while now, cracking DES passwords
is easy by comparison.
-- 
-------
John Haxby, Definitively Wrong.
Digital				<jch@wessex.rdg.dec.com>
Reading, England		<...!ukc!wessex!jch>