Xref: utzoo comp.protocols.tcp-ip:14817 comp.mail.uucp:5858
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!midway!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.protocols.tcp-ip,comp.mail.uucp
Subject: Re: Are There Standards For Secure Mail Transfer Via SMTP?
Message-ID: <1991Feb8.185044.22132@mp.cs.niu.edu>
Date: 8 Feb 91 18:50:44 GMT
References: <38975@cup.portal.com> <1991Feb8.110317.3949@unipalm.uucp> <1991Feb8.180500.11290@Solbourne.COM>
Organization: Northern Illinois University
Lines: 23

In article <1991Feb8.180500.11290@Solbourne.COM> imp@Solbourne.COM (Warner Losh) writes:
>While there is an account called "root" with all the privs that it
>has, there will be no way to have "totally secure, authenticated
>mail".  After all, if I wanted to send mail from Joe Hothead to his
>boss calling him a jerk, then I could su, then su jhothed and flame
>away.  And it could be done w/o a way to trace it back it me (after
>all, root can nuke accounting files).

 Forget about root.  Sure root can violate privacy.  But what does that
matter when anybody with a terminal server can telnet to the SMTP
port of any host, and start entering an SMTP mail transaction.  In this
case even the 'Received:' headers won't be of much help in narrowing down
the source of the message.

 If you want 100 percent secure communication, talk face to face with the
person intended.  Actually, even that is not 100% foolproof, or else there
would be little point in having agencies such as the CIA.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940