On Tue, Jun 11, 2002 at 09:48:26PM +0200, Brandon Friedman <[EMAIL PROTECTED]> wrote:
>
> So is there no way to implement e-mail verification from a server-side?
>
> I am not wanting pgp in particular but something, that signs all
> outbound, that it is verified from that server?

Mail servers aren't permitted to modify the body of outgoing mail, and PGP signatures are in the message body. I suppose you could do PGP in the headers like in Usenet control messages, but then you have to expect the recipients to be able to do something with them.

Ignoring the requirements of the protocol, I suppose *technically* it'd be possible, but I don't see what it gives you. If your server signs every message, then an attacker only needs to trick a workstation that's allowed to relay through the server to send a message, and it's signed. Now, instead of having to trust a person, they're having to trust a whole network. A PGP-signed message from that server only says "At some point I moved through that server". At that point, trust relationships are getting awfully hard to manage (for example, someone needs to guarantee physical security of the network, which means that the recipients need to trust the person that guarantees physical security, and so on), to the point where managing them will be considerably more difficult than installing PGP on a workstation -- especially since PGP has a facility to manage trust networks of people, but not of physical resources.

PGP problems are seldom technical problems. :-) It's easy to sign a message, but it's hard to make the signature meaningful.

I'd offer other suggestions, but I must admit that I can't figure out what problem server-based PGP is trying to solve. It might be useful for you to describe the requirements, so that devinfo can come up with solutions independent of the one you're considering.

-Rich

--
------------------------------ Rich Lafferty ---------------------------
Systems Administrator/Support Engineer, Network Server Solutions Group
Mitel Networks, Ottawa, ON +1 613 592 2122 (x2513)
---------------------------- [EMAIL PROTECTED] ------------------------

Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
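
The point made in the message about what a server-applied signature attests to, as an added sketch that is not part of the original post: a relay signs every message it accepts from an allowed network and carries the signature in a header so the body is untouched. HMAC-SHA256 stands in for PGP here, and the key, the header name `X-Relay-Signature`, the address range and the sample messages are all assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
from email.message import EmailMessage

# Constructed values for this sketch (assumptions, not from the original message).
RELAY_KEY = b"constructed-demo-key"                  # stand-in for the server's signing key
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")   # workstations allowed to relay
SIG_HEADER = "X-Relay-Signature"                     # hypothetical header name


def _digest(msg: EmailMessage) -> str:
    # Cover the claimed sender, subject and body; the body itself is not modified.
    material = "\n".join([str(msg["From"]), str(msg["Subject"]), msg.get_content()])
    return hmac.new(RELAY_KEY, material.encode(), hashlib.sha256).hexdigest()


def relay(msg: EmailMessage, client_ip: str) -> EmailMessage:
    """Sign whatever an allowed host submits. The source address is the only check."""
    if ipaddress.ip_address(client_ip) not in ALLOWED_NET:
        raise PermissionError("relaying denied")
    msg[SIG_HEADER] = _digest(msg)
    return msg


def verify(msg: EmailMessage) -> bool:
    """Recipient-side check: did this exact message pass through the relay?"""
    return hmac.compare_digest(str(msg.get(SIG_HEADER, "")), _digest(msg))


def make(sender: str, body: str) -> EmailMessage:
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Status update"
    m.set_content(body)
    return m


if __name__ == "__main__":
    # Same claimed author, two different workstations on the allowed network.
    typed_by_alice = relay(make("alice@example.org", "Written at my desk."), "192.0.2.10")
    typed_elsewhere = relay(make("alice@example.org", "Written on another host."), "192.0.2.77")
    # Both verify: the signature vouches for the relay path, not for the author.
    print(verify(typed_by_alice), verify(typed_elsewhere))
    # The signature does detect a change after the relay.
    typed_by_alice.set_content("Altered after signing.")
    print(verify(typed_by_alice))
```

Both relayed messages verify even though only one came from the claimed author's workstation, which is the "At some point I moved through that server" guarantee and nothing more.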