PGP: sequencing messages

John Drabik pmmail@rpglink.com
Sun, 09 Apr 2000 00:36:43 +0000 

On Wed, 05 Apr 2000 15:04:14 -0300 (ADT), Trevor Smith wrote:

>The copies in my sent folder do NOT contain any message-ID or
>resent-message-ID lines except those that were present when the
>message was received.

Yes, this is the issue I originally meant (although the thread here
has gone quite far astray, into message threading, etc.)

The issue is that I need to be able to QUICKLY look at a message that
is handed to me (electronically, or in a print out), and determine
who was the original recipient of the message.  If I send a message
to someone, and they (unauthorized) send or give it to someone else,
I want to be able to look at the message, and say "Oh, I see, you got
that from Fred; I sent it to him on April 5th."  If they remove the
tag/sequence #, then I can say "Oh, you have a forged or falsified
message there.  Don't know where you got it, but it has been tampered
with, and I can't help you with it."

But none of this is possible with server-side message ID's, because
** I ** can't keep the database that allows me to look up the
original message recipient at a later time.

>This means the SMTP server is adding the lines, as near as I can
>figure.

I believe you are correct.  And unfortunately, this doesn't help me. 
But here's an example (just an example - I'm not going to say what
the real application is because of various other issues):

Suppose I send out 10 contest e-mails, which are non-transferable due
to restrictions of law.  Each message is stamped with an ID, internal
to the message, and signed with the message with PGP (as somebody
already noted, even if the message "looks" the same, it won't have
the same PGP key, and it is also highly unlikely that someone could
reconstruct the PGP key even if they had every character of the
original text).

Now suppose Fred gets the message, decides he doesn't want a vacation
in beautiful downtown Moab, Utah.  So, he gives it to Betty.  She
sends it in.  I can look at it, see that it has a particular ID, and
see that it was NOT sent to Betty.  On the other hand, if the ID is
removed or modified, the PGP signature will be incorrect for the
message, and I tell Betty to take a hike - in some other town besides
Moab, that is.  Think of the whole thing as an openly displayed
digital signature.  The reason for leaving it open is that it allows
very quick checking.  It's not perfect - the PGP key is for that, but
it only need to be used if a message appears legitimate, and needs
the last little bit of verification.  That way, you don't have to
recompute the PGP signature for every single message you receive
back.

Anyway, it doesn't sound like it's going to be easy to solve this. 
Rexx scripts aren't going to do it either.  Ideas, anyone?

John