Re: the 8-bit dilemma

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Brad Knowles: "Re: the 8-bit dilemma"
• Previous message: Brad Knowles: "Re: the 8-bit dilemma"
• Maybe in reply to: Michael Elkins: "the 8-bit dilemma"

On Feb 28,  2:21pm, Michael Elkins wrote:
} Subject: RE: the 8-bit dilemma
}
} > Do you mean signing the fact that this is an audio object for example?
} > So I would know if someone changed the type from audio to video?  That
} > seems like a fairly esoteric benefit [...]
} 
} It _is_ a big deal for any automated message processing, and even for a lot
} of MUAs.  You could receive an altered piece of mail that gets ignored...

I don't think a denial-of-service argument flies here; if I can intercept
the message and alter the type, I can just as easily intercept the message
and destroy it entirely.  You'd have to postulate a change of type that
actually resulted in some harm to the recipient's system or the sender's
credibility.

} > I always thought of transport security as being handled by Secure Socket
} > Layer.
} 
} This would be nice, but alas, not everyon has SSL availible.  I suspect
} it will be quite some time before we can ignore connection insecurity.

It's worse than that; Internet email is by definition a store-and-forward
process, so it isn't sufficient to secure the channels.  It's important
to secure the data itself.

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
schaefer@z-code.com                  Division of NCD Software Corporation
http://www.well.com/www/barts

• Next message: Brad Knowles: "Re: the 8-bit dilemma"
• Previous message: Brad Knowles: "Re: the 8-bit dilemma"
• Maybe in reply to: Michael Elkins: "the 8-bit dilemma"