On Tue, Jun 11, 2002 at 09:48:26PM +0200, Brandon Friedman <[EMAIL PROTECTED]> 
wrote:
> 
> So is there no way to implement e-mail verification from a server-side?
>
> I am not wanting pgp in particular but something, that signs all 
> outbound, that it is verified from that server?

Mail servers aren't permitted to modify the body of outgoing mail, and
PGP signatures are in the message body. I suppose you could do PGP in
the headers like in Usenet control messages, but then you have to
expect the recipients to be able to do something with them.

Ignoring the requirements of the protocol, I suppose *technically*
it'd be possible, but I don't see what it gives you. If your server
signs every message, then an attacker only needs to trick a
workstation that's allowed to relay through the server to send a
message, and it's signed. Now, instead of having to trust a person,
they're having to trust a whole network. A PGP-signed message from
that server only says "At some point I moved through that server".

At that point, trust relationships are getting awfully hard to manage
(for example, someone needs to guarantee physical security of the
network, which means that the recipients need to trust the person that
guarantees physical security, and so on), to the point where managing
them will be considerably more difficult than installing PGP on a
workstation -- especially since PGP has a facility to manage trust
networks of people, but not of physical resources.

PGP problems are seldom technical problems. :-) It's easy to sign a
message, but it's hard to make the signature meaningful.

I'd offer other suggestions, but I must admit that I can't figure out
what problem server-based PGP is trying to solve. It might be useful
for you to describe the requirements, so that devinfo can come up with
solutions independent of the one you're considering.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Systems Administrator/Support Engineer, Network Server Solutions Group
    Mitel Networks, Ottawa, ON                 +1 613 592 2122 (x2513)
---------------------------- [EMAIL PROTECTED]  ------------------------

--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
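
Added example, not part of the message above: a toy relay that signs every message it accepts from its relay-allowed network, with the signature carried in a header, to show that verification succeeds identically whichever workstation submitted the mail. HMAC stands in for the PGP signature so the block runs on the standard library alone; the key, the `X-Server-Signature` header name, the addresses and the 192.0.2.0/24 network are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from email.message import EmailMessage

SERVER_KEY = b"constructed-demo-key"               # stand-in for the server's PGP key
RELAY_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed relay-allowed network
SIG_HEADER = "X-Server-Signature"                  # hypothetical header name


def digest(msg):
    # Cover From, To, Subject and the body. The signature itself goes in a
    # header, so the body is left unmodified by the server.
    signed = "\n".join([msg["From"], msg["To"], msg["Subject"], msg.get_content()])
    return hmac.new(SERVER_KEY, signed.encode(), hashlib.sha256).hexdigest()


def relay(client_ip, msg):
    """Sign mail from any host allowed to relay; refuse everyone else."""
    if ipaddress.ip_address(client_ip) not in RELAY_NET:
        raise PermissionError("relaying denied")
    # The only check is the network the connection came from. Nothing ties
    # the From: header to a person, so the signature cannot vouch for one.
    msg[SIG_HEADER] = digest(msg)
    return msg


def verify(msg):
    sig = msg[SIG_HEADER]
    return sig is not None and hmac.compare_digest(sig, digest(msg))


def make(sender, body):
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "bob@example.net", "Invoice"
    m.set_content(body)
    return m


def demo():
    # Two different workstations on the relay network, same From: header.
    first = relay("192.0.2.10", make("alice@example.com", "Pay account 1."))
    second = relay("192.0.2.77", make("alice@example.com", "Pay account 2."))
    # Both verify: the recipient learns which server handled the mail,
    # not which person or machine wrote it.
    return verify(first), verify(second)
```

The signature still detects changes made after the server handled the message and is never issued to hosts outside the relay network; what it cannot do is distinguish between senders inside that network.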