jik@athena.mit.edu (Jonathan I. Kamens) (04/17/91)
(Note cross-post and Followup-To.)

In article <1991Apr17.091032.12693@ux1.cso.uiuc.edu>, andreess@mrlaxs.mrl.uiuc.edu (Marc Andreessen) writes:
|> Basically, I stumbled on a ridiculously easy way to forge mail from
|> anyone to anyone on any machine (I've tested this on Ultrix 4.1, AIX 3.1,
|> BSD Tahoe, etc) without superuser privs. I'm aware many implementations
|> of Unix have many security holes, but this seems fairly major, and
|> also appears to be there by design.
|>
|> I'm sure half of you know what I'm talking about already, so there's
|> no need to go into detail.

Well, I don't know what you're talking about, because there are so many easy ways to forge mail that I don't know which one you mean. :-)

|> However, what I'm wondering is - why isn't
|> this more widely known?

What do you mean by "widely known?" It's pretty common knowledge around here that mail can't be trusted. If you want secure mail, you use Privacy Enhanced mail, which uses RSA public-key encryption.

|> Why have I never heard about it?

When new users find out how to forge mail, some portion of them tend to act like dweebs, doing irresponsible, inconsiderate things that make life difficult for everybody, because they think it's funny. I'm a consultant here for our user community, and if someone asks me, "Is it possible to forge mail?" my response is, "Yes, but I can't tell you how to do it." By the time people figure out how to do it for themselves, they're usually responsible enough not to do stupid things with it.

It's true that new users often assume that mail is secure because they are never told otherwise. I'm not sure how that problem can be solved (or even if it is a problem); I would find it a bit strange if we told every new user here, "By the way, mail isn't secure!"

|> This makes
|> Unix mail completely untrustworthy; why isn't this more secure?

Unix mail has always been untrustworthy; surprise, surprise.
The problem is not confined to Unix (it's possible to forge mail easily using SMTP, which is a network protocol, not a Unix protocol, and which is spoken by quite a few OSs besides Unix).

If you're interested in finding out more about recent attempts to come up with ways to do secure mail, I suggest you read the relevant Internet RFCs, which include:

1115  Linn, J. Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers [Draft]. 1989 August; 8 p. (Format: TXT=18226 bytes)

1114  Kent, S.T.; Linn, J. Privacy enhancement for Internet electronic mail: Part II - certificate-based key management [Draft]. 1989 August; 25 p. (Format: TXT=69661 bytes)

1113  Linn, J. Privacy enhancement for Internet electronic mail: Part I - message encipherment and authentication procedures [Draft]. 1989 August; 34 p. (Format: TXT=89293 bytes) (Obsoletes RFC 989, RFC 1040)

In case you don't know how to get your hands on RFCs, I've included instructions at the end of this message.

--
Jonathan Kamens                 USnail:
MIT Project Athena              11 Ashford Terrace
jik@Athena.MIT.EDU              Allston, MA 02134
Office: 617-253-8085            Home: 617-782-0710

--

Many RFCs are available online; if not, this is indicated by (Not online). Paper copies of all RFCs are available from the NIC, either individually or on a subscription basis (for more information contact NIC@NIC.DDN.MIL). Online copies are available via FTP or Kermit from NIC.DDN.MIL as RFC:RFC####.TXT or RFC:RFC####.PS (#### is the RFC number without leading zeroes).

Additionally, RFCs may be requested through electronic mail from the automated NIC mail server by sending a message to SERVICE@NIC.DDN.MIL with a subject line of "RFC ####" for text versions or a subject line of "RFC ####.PS" for PostScript versions. To obtain the RFC index, the subject line of your message should read "RFC index".