ietf-822
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Security Issues

1991-10-31 05:37:25
from [ Randall Atkinson] [Permanent Link] 
Folks,

  I'm inclined to agree with Ned that it isn't a productive use of
our time to prohibit capabilities that an MUA might use in a dangerous
way.  Ultimately, that is a quality of implementation issue and
we are incapable of preventing someone from building a hostile MUA.

  I think it is a productive use of our time to discuss in the
"Security Considerations" portion of the RFC things that we think
an implementer should keep in mind so as not to inadvertantly build
a dangerous MUA.  It would also serve to help users be more aware of
the security issues involved with this.  Explicitly indicating what
trust the user is placing in the application IS helpful.

  For my part, I _don't_ trust shar to always do the right thing.  I
allways scan the shar file first for potentially dangerous actions.  I
wouldn't think of trusting arbitrary people who send mail or post news
to be the guardians of my security (that is and should be my
responsibility).

  I will be happy to collect all of these security concerns and codify
them into some proposed text for the draft if that would be useful.
That aside, I would still be personally interested in hearing about
whatever security concerns people have on email or other topics since
my real work is in Network Security.

  By the way, its refreshing to see folks outside the security research 
community are thinking about security issues.

Regards,

  Ran
  atkinson(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Security Issues, Randall Atkinson <=
Previous by Date:  Re: trojan horses in RFC XXXX mail (tex/troff/postscript considered harmful), Nathaniel Borenstein
Next by Date:  Re: checksums, James M Galvin
Previous by Thread:  filename= headers in mail, emv
Indexes:  [Date] [Thread] [Top] [All Lists]