Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!munnari!kre
From: kre@munnari.oz (Robert Elz)
Newsgroups: comp.mail.misc
Subject: Re: Security in SMTP (was TURN command in SMTP)
Message-ID: <1771@munnari.oz>
Date: Wed, 5-Aug-87 14:13:55 EDT
Article-I.D.: munnari.1771
Posted: Wed Aug  5 14:13:55 1987
Date-Received: Sat, 8-Aug-87 02:27:57 EDT
References: <1726@ubvax.UUCP> <6745@dartvax.UUCP> <1701@xanth.UUCP> <6794@dartvax.UUCP>
Organization: Comp Sci, Melbourne Uni, Australia
Lines: 18

In article <6794@dartvax.UUCP>, kevins@dartvax.UUCP (Kevin M. Schofield) writes:
> Now wait a minute. If we're using SMTP in the first place, aren't we assuming
> that there is some form of controlled access to the SMTP server? Like an
> ethernet where all the hosts are known? If we can't guarantee that, we have
> even bigger security problems than reading someone else's mail. We've got
> people sending all sorts of unverified messages.

No, that's a much smaller problem, as the problem with TURN isn't reading
someone else's mail, its purloining it .. when the imposter gets his copy
the real recipient loses it forever.

The same situation applies with paper mail (snail mail).  I can mail a
letter and sign it Ronald Reagan if I feel like it (it might be against
the law, or it might not, but that's immaterial here).  But the post
office won't hand over mail to be if I role up and say "Hi, I'm from
the White House, give me all you've got"...

kre