Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!decvax!decwrl!ucbvax!info-vax
From: ddl@TARDIS.HARVARD.EDU (Dan Lanciani)
Newsgroups: mod.computers.vax
Subject: (none)
Message-ID: <8511151945.AA20972@ucbvax.berkeley.edu>
Date: Fri, 15-Nov-85 14:52:30 EST
Article-I.D.: ucbvax.8511151945.AA20972
Posted: Fri Nov 15 14:52:30 1985
Date-Received: Tue, 19-Nov-85 00:29:41 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 21
Approved: info-vax@sri-kl.arpa


	Actually, discounting a procedure involving becoming privileged
in some unrelated way, it is not possible for ordinary users to create
arbitrary mail aliases unless the system manager deliberately (foolishly?)
makes the alias database generally writable.  (This is in response to
the comment about UNIX 4.2; I don't pretend to understand VMS.)
	I would like to suggest (as I did at the creation of the unix
security mailing list) that, even if only because it would be a fun
experiment, it should be quite possible to secure an arbitrarily large
mailing list if you are willing to mail to each subscriber individually.
That is:  use any of the available public-key encryption systems with
one public key for submissions and a list of subscribers/public keys
at the redistribution point.
	Now, this doesn't in any way address the issue of to whom the
list should be sent, nor is it a particularly neat solution to anything.
But I would hate to think that secure distribution of material over
insecure lines is seen as totally out of our grasp.

					Dan Lanciani
					ddl@tardis.{ARPA, HARVARD.EDU}
					{seismo, harvard, wjh12}!tardis!ddl