Re: Signature on logs/eMail

From: William D. Colburn (aka Schlake) (wcolburnat_private)
Date: Thu Jul 26 2001 - 10:02:45 PDT

Next message: adamdat_private: "Re: NTFS forensic analysis on Unix platform"

Previous message: Ben Ford: "Re: Signature on logs/eMail"
In reply to: Ben Ford: "Re: Signature on logs/eMail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sendmail operates as both a Mail Transmission Agent (port 25) and as a Mail
Submission Agent (port 587).  With SMTP AUTH the initial message
submission is authenticated, so the signing could reasonably take place
inside sendmail.

Even with AUTH though, I think that the signature would only be valid to
show that the message wasn't altered since it passed through the
sendmail in question.  If the message is important enough that it needs
a signature, the sender should apply it before sending it.  The server
provided signature would be most useful for other out of band features.
For instance, if the server verifies that the message had no viruses in
it when it passed through, then the signature would prove that it
didn't (and that something later on added them).  The server signature
could also include a third-party encrypted timestamp against a hash of
the signed part of the document.

On Wed, Jul 25, 2001 at 04:14:34PM -0700, Ben Ford wrote:
> >There has been discussion of applying signatures to logs, however how about
> >eMails?
> >
> >Does anyone know about a pre/post-processor or sendmail patch, etc. That
> >could be used to apply a hash and SN to an eMail along with a signature and
> >then log this information somewhere?
> >
> >-D
> >
> 
> Isn't this kind of looking at it the wrong way?  What is to say that the 
> mail hasn't been intercepted between sender and server and altered?  Of 
> course, secure sendmail helps alleviate that.
> 
> I think this is something that should be performed at the client level, 
> like PGP is now.
> 
> -b
> 
> -- 
> So, make a real effort to avoid getting sucked into all the expensive
> lifestyle habits of typical Americans.  Because if you do that, then
> people with the money will dictate what you do with your life.
>                 --Richard Stallman
> 
> 
> 
> 
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com

--
William Colburn, "Sysprog" <wcolburnat_private>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: adamdat_private: "Re: NTFS forensic analysis on Unix platform"
Previous message: Ben Ford: "Re: Signature on logs/eMail"
In reply to: Ben Ford: "Re: Signature on logs/eMail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 12:06:30 PDT