Browse Prior Art Database

On the problem of signature authentication for network mail (RFC0644)

IP.com Disclosure Number: IPCOM000003715D
Original Publication Date: 1974-Jul-22
Included in the Prior Art Database: 2000-Sep-13
Document File: 4 page(s) / 9K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Thomas: AUTHOR

Abstract

This note describes the problem of signature authentication for network mail, presents a general approach to the problem and proposes a specific implementation of that approach.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 31% of the total text.

Network Working Group Bob Thomas

Request for Comments: 644 BBN-TENEX

Jul 1974

On the Problem of Signature Authentication for Network Mail

This note describes the problem of signature authentication for network

mail, presents a general approach to the problem and proposes a specific

implementation of that approach.

1. The Problem

The problem we wish to consider is:

How can the recipient of a network mail message be "certain"

that the signature (e.g., the name in the "FROM" field) is

authentic; that is, that the message is really from whom it

claims to be?

We are interested in the problem of signature authenticity in the network

context. For purposes of this note we shall assume a solution to the

signature authentication problem for local mail (i.e., messages from one

user to another within a single host). That is, we assume that for any

host, either the host regards the problem as important and has a mechanism

for guaranteeing signatures on local mail or that the host does not regard the

problem as important and does not guarantee signature authentication. It

should become clear how this assumption relates to our approach to the network

signature problem.

We shall discuss our approach using the following simple model for network

mail:

To send net mail a user invokes a mail sending process (SP) on

his local host (SH). The process SP acts on behalf of the user

to deliver the message to an appropriate mailbox at the

receiving host (RH). It does that by interacting with a

receiving process (RP) that runs on host RH. RP accepts the

message from SP and deposits it in the appropriate mailbox.

In the current implementation of network mail, the receiving process RP is

typically an FTP server process. For the current TENEX implementation the

mail sending process SP is either a process running SNDMSG or a "background"

MAILER process which sends "queued" (previously posted but undelivered) mail.

2. An Approach

We seek a solution which will allow RP, the receiving process, to mark

the signature on messages it receives as authenticated or not with

respect to SH, the sending host. If RP can so mark incoming messages,

a user reading his mail at RH would be able to see the signature on each

message as authenticated or not with respect to the host of origin. The

authenticity of the signature on a piece of mail is understood to be

responsibility of the originating host. The credibility a user gives a

particular message which is marked as authentic can be based on the user's

own estimate of the source host's user authentication and access control

mechanisms.

-1-

The success of this approach depends upon two things:

a. Users develop estimates of the security of various host user

authentication and access control mechanisms. We have seen that

users who ar...