MRC@SU-SCORE.ARPA (Mark Crispin) (03/06/84)
The only authentication issue with Internet mail is that there is NO authentication. Let's not introduce this particular red herring. Anybody who thinks that Internet mail is authenticated is fooling himself. -------
Margulies@CISL-SERVICE-MULTICS.ARPA ("Benson I. Margulies") (03/07/84)
I disagree with Mr. Covert. Given the assumption that the net gives me trustworthy informatio on the source host of mail (which the ARPAnet can), and knowledge of the security characteristics of the hosts on the net, authentication is available. Consider two Multics systems on ARPA. The sending system software that installs the source name in the envelope is trusted code. The recieving server can validate that the IMP leader/IP header specify the address of a directly connected trusted mail host, and copy the envelope source user name into the appropriate Sender field. Voila! We maintain the envelope data in trusted code so that even local mail has authenticated sources. Over an unreliable communications medium, where you cannot perform HOST level authentication, mr. covert is correct. only encryption will do.
MRC@SU-SCORE.ARPA (Mark Crispin) (03/13/84)
Does Multics prevent users from connecting to the SMTP server port on other systems? If not, your entire previous argument is worthless. -------