Authenticating email
Bill Wood
pmmail@rpglink.com
Wed, 03 May 2000 09:06:52 -0700 (PDT)
Folks,
I've been away and haven't followed the details of this thread.
I hope this doesn't duplicate someone else's stupid idea.
1. Include in the message a line that says that a valid msg
from me must contain the following authenticating line. Then
provide the line.
2. This line might be derived, perhaps checksum like, from some
or all of the following
a. The information for the addressee in the address database
(In some standard format)
b. The date and time of msg.
c. A unique msg ID (not part of the msg?)
d. Perhaps the complete content of the msg
e. Maybe something else, such as a needed known randomizing
element
f. ?
3. Save for each msg the details necessary to recreate the msg
authentication code for every msg sent, whatever that may
require, and the original mailing list with as-sent
authentication codes. Any copy of such a message would reveal
everything, or else would be invalid.
4. This is more technically complex than can be dealt with by a
few engineers rapping on an email list. It would not be a
trivial matter to ensure/prove that the scheme, whatever it is,
has the integrity you think it does. This stuff would quickly
get too complex for our normal court system and what we need is
a recognized standard for certifying email authenticity ...
maybe a new RFC. So why don't you start one? In a few years we
might have something workable and a standard that mail apps can
conform to.
w3
w3
Bill Wood
Las Vegas, NV
wwwood@lv.rmci.net
Support Bilingual Education
... English and Mathematics