On Sat, Aug 21, 1999 at 10:09:31PM -0400, Russell Nelson wrote:
> I've been thinking about cryptographic signing of messages at the mail 
> transfer agent level.  I can think of how to do it, but I'm not sure
> what problem it solves.  :)  Anyone have any ideas?


I wrote a similar system for Sun 4 or 5 years ago.   However its purpose
was to encrypt the email for secrecy.  It used sendmail and PGP, would
automagically encrypt messages sent to hosts/domains registered in a
config file, and would use the same config file to attempt to decrypt
incoming PGP'd messages.

The proposed use was between corporate/sales offices in certain countries
east of Europe.  There had been an existing DES-based system in place
but key management was getting harder with more offices.

For a previous company I'd been requested to build the same
kind of thing to automatically protect emails between corporate officers
and lawyers and partners.

Either way, the purpose is to make the encryption/decryption automatic
as far as the end-users are concerned.  It's hard enough to get some
corporate officers or marketing people to understand how a regular email
program works or to pick good passwords.  Educating them on how to
use PGP is like herding snakes[0].  So automating the process is a
good thing.

There are security problems with this, not the least of which is that
the process that handles the crypto has got to leave the private keys
unlocked (or have the passphrase built in, same thing).  If you can
assume that this happens on your internal network, and that network is
secure, then this is probably ok.  It does present a nice target if an
attacker manages to penetrate your network though.

I don't know what a signature by itself would accomplish, other than
preventing modification of the email body in transit.   The impression
I get is that SMTP headers are sufficient legal proof of where and
when a message was sent.  Perhaps autosigned messages would be
better in that regard, but any of us on this list could cast almost as
much doubt on an autosigning system (based on known security holes & flaws)
as on SMTP headers.




[0]  One can argue that it's possible to herd snakes if one waits
until it's time for them to hibernate, but I have not yet discovered
the hibernation season for marketing people.  However talking crypto
in front of them does seem to put them in a mild torpor.


-- 
Eric Murray  www.lne.com/~ericm  ericm at the site lne.com  PGP keyid:E03F65E5
