delta/python-packages/pycrypto.git - github.com: dlitz/pycrypto.git

diff options


context:
space:
mode:

Diffstat (limited to 'pipermail/pycrypto/2009q1/000069.html')

-rw-r--r--

pipermail/pycrypto/2009q1/000069.html

1 files changed, 98 insertions, 0 deletions

diff --git a/pipermail/pycrypto/2009q1/000069.html b/pipermail/pycrypto/2009q1/000069.html
new file mode 100644
index 0000000..24bacce
--- /dev/null
+++ b/pipermail/pycrypto/2009q1/000069.html

@@ -0,0 +1,98 @@

+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [pycrypto] Quick and Easy Email Authentication

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Quick%20and%20Easy%20Email%20Authentication&In-Reply-To=5.2.1.1.0.20090211075934.03ae4478%40mail.ece.arizona.edu">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="000068.html">

+ <LINK REL="Next" HREF="000070.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[pycrypto] Quick and Easy Email Authentication</H1>

+ Mads Kiilerich

+ <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Quick%20and%20Easy%20Email%20Authentication&In-Reply-To=5.2.1.1.0.20090211075934.03ae4478%40mail.ece.arizona.edu"

+ TITLE="[pycrypto] Quick and Easy Email Authentication">mads at kiilerich.com

+ </A>

+ Wed Feb 11 15:34:58 CST 2009

+ <UL>

+ <LI>Previous message: <A HREF="000068.html">[pycrypto] Quick and Easy Email Authentication

+</A></li>

+ <LI>Next message: <A HREF="000070.html">[pycrypto] Quick and Easy Email Authentication

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#69">[ date ]</a>

+ <a href="thread.html#69">[ thread ]</a>

+ <a href="subject.html#69">[ subject ]</a>

+ <a href="author.html#69">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+

+<PRE>David MacQuigg wrote, On 02/11/2009 04:41 PM:

+> RSA, maybe some way to do this with hashcodes? If we can solve this

+> problem, it could lead to a robust, no-exceptions policy on

+> authentication of SMTP mail sessions.

+>

+

+Such systems already exists, designed and peer reviewed by experts. The

+primarily problem they face is acceptance - and the lack of acceptance

+because of the trade-offs made to make the protocols acceptable. And

+nobody with real-world need for email can rely on such protocols before

+everybody else uses them, and thus there is no need to deploy the

+protocols before everybody else uses them.

+> Let me try to state the problem in more fundamental terms. A stranger

+> says HELO this is f33faf76.mailout09.arizona.edu. The only other

+> information you have to verify that claim is a DNS text record at

+> mailout09.arizona.edu. That record can hold up to 480 bytes of text.

+>

+

+The DNS system is fundamentally broken and insecure. You shouldn't rely

+on it at all. Secure DNS is really a must but unfortunately not widely

+deployed, so we must rely on DNS for functionality but shouldn't rely on

+it for security.

+> criminals. More secure sites can add additional checks, including a

+> digital signature on the entire message.

+>

+

+IMHO the right solution to the problem you are trying to solve lies in

+that direction. Why try to find another and less perfect solution?

+But ... this is a (silent) list for python crypto, not for protocol

+design and email systems. Other lists might be more appropriate.

+/Mads

+-------------- next part --------------

+A non-text attachment was scrubbed...

+Name: smime.p7s

+Type: application/x-pkcs7-signature

+Size: 3435 bytes

+Desc: S/MIME Cryptographic Signature

+Url : <A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20090211/5f5d77af/attachment.bin">http://lists.dlitz.net/pipermail/pycrypto/attachments/20090211/5f5d77af/attachment.bin</A>

+</PRE>

+

+ <HR>

+ <UL>

+

+ <LI>Previous message: <A HREF="000068.html">[pycrypto] Quick and Easy Email Authentication

+</A></li>

+ <LI>Next message: <A HREF="000070.html">[pycrypto] Quick and Easy Email Authentication

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#69">[ date ]</a>

+ <a href="thread.html#69">[ thread ]</a>

+ <a href="subject.html#69">[ subject ]</a>

+ <a href="author.html#69">[ author ]</a>

+ </LI>

+ </UL>

+<hr>

+<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto

+mailing list</a>

+</body></html>