On May 5, 2000 Phil White <data_medica@???> wrote:
> I administer a central mail server for the ITMagic domain, and am
> pondering on the possibility of adding in transparent PGP support.
> My requirements are:
> The service, once set up, should be as transparent as possible.
> The service is only needed to sign emails, not encrypt them.
Hmmm. There are two problems I see. One is MIME. Ignoring attachments,
you might have something that is already, say, quoted-printable. Is that
what gets signed, or do you decode, sign, and re-encode? I guess I don't
really get the PGP/MIME stuff. Maybe the things you are looking at have
solutions to that. I once tried to come up with a semi-postmarking
scheme, but I couldn't get anything simple and useful.
The second problem is ...
> As this is a central mail relay, no users will be logged in.
> This is my main area of concern. I have to attempt to
> ensure that I can guarantee authenticity of a sender,
> prior to the signing process.
Where are people submitting from? Would you trust inetd on those systems?
Alternatively, you could use SMTP-AUTH and make people enter a password to
send mail, but is that not transparent enough?
You either have to trust the clients very much or do AUTH SMTP as far as
I can see.
Alternatively your server could sign a statement about the headers and what
it knows. Basically it could introduce a header which is effectively a
signature of everything below that header. That way you are only signing
for yourself and signing something you believe.
-j
--
Jeffrey Goldberg +44 (0)1234 750 111 x 2826
Cranfield Computer Centre FAX 751 814
J.Goldberg@??? http://WWW.Cranfield.ac.uk/public/cc/cc047/
Relativism is the triumph of authority over truth, convention over justice.
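The relay-side scheme sketched in the reply (a header prepended by the server whose value is a signature over everything below it, so the relay vouches only for what it actually saw; essentially what DKIM later standardized) can be shown in a few lines. The following is an added example, not code from the original post or from either correspondent; it assumes a header name `X-Relay-Signature` and substitutes an HMAC under a relay-held secret for the PGP signature, since the signing primitive is not the point here. It also takes one concrete position on the MIME question raised above: it signs the message bytes exactly as they are on the wire (a quoted-printable body stays quoted-printable), after normalizing line endings so an MTA that rewrites bare LF to CRLF does not break verification.

```python
"""Relay-added signature header: the relay prepends ONE header whose value is a
signature over everything that follows it (every original header plus the body).
Added example; X-Relay-Signature and the HMAC stand-in are assumptions."""
import base64
import hashlib
import hmac
import re

SIG_HEADER = b"X-Relay-Signature"          # hypothetical header name
# Constructed demo secret; a real relay would use its PGP key or a protected secret.
RELAY_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample message with a quoted-printable body (signed as transmitted).
SAMPLE = (
    b"From: phil@relay.example\r\n"
    b"To: jeff@other.example\r\n"
    b"Subject: test\r\n"
    b"Content-Type: text/plain; charset=iso-8859-1\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"Caf=E9 costs =A3 3\r\n"
)


def canonicalize(raw: bytes) -> bytes:
    """Normalize every line ending to CRLF and guarantee a final CRLF.
    Idempotent, so signer and verifier agree even if an intermediate MTA
    rewrote CRLF as LF or dropped the trailing newline."""
    lines = raw.replace(b"\r\n", b"\n").split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)


def compute_signature(canonical: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the canonical bytes, base64 for header transport."""
    return base64.b64encode(hmac.new(key, canonical, hashlib.sha256).digest())


def sign_message(raw: bytes, key: bytes) -> bytes:
    """Relay side: prepend the signature header; everything below it is signed."""
    canonical = canonicalize(raw)
    value = b"v=1; a=hmac-sha256; b=" + compute_signature(canonical, key)
    return SIG_HEADER + b": " + value + b"\r\n" + canonical


def verify_message(signed: bytes, key: bytes) -> bool:
    """Receiver side: the first line must be our header; recompute over the rest.
    Any change to a header or body byte below the signature header fails."""
    canonical = canonicalize(signed)
    first, _, rest = canonical.partition(b"\r\n")
    if not first.startswith(SIG_HEADER + b":"):
        return False
    m = re.search(rb"(?:^|;\s*)b=([A-Za-z0-9+/=]+)", first)
    if m is None:
        return False
    return hmac.compare_digest(m.group(1), compute_signature(rest, key))


if __name__ == "__main__":
    signed = sign_message(SAMPLE, RELAY_KEY)
    print(signed.decode("ascii"))
    print("verifies:", verify_message(signed, RELAY_KEY))
    tampered = signed.replace(b"Subject: test", b"Subject: tset")
    print("tampered verifies:", verify_message(tampered, RELAY_KEY))
```

Because the signature covers only what sits below the relay's own header, the relay asserts nothing about the sender's identity beyond what it received; the authenticity question from the quoted message (who actually submitted the mail) still has to be settled before signing, by trusting the submitting hosts or by SMTP AUTH as the reply says.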