On Tue, 03 Oct 1995 14:21:18 EDT, you said:
For example, can one construct a MOSS-protected message such that prior to
decryption, the UA *must* succesfully perform an ftp session and retrieve
some data item, say?
multipart/signed
messages/externalbody,access-type=ftp,....
application/signature,....
Or am I missing something?
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech
I'm having a problem understanding the semantics of some of these security
services, in particular nonrepudiation of delivery.
I can imagine how to construct a protocol that doesn't allow me to read a
message without fetching the decryption key and thereby acknowledge, sort of,
that I received the message. and certainly if I CHOOSE to acknowlege the
message, it is easy to send a signed reply. But that isn't nonrepudiation of
delivery, at least not the way I would define it.
Unless my user agent is running on an A1 trusted system that is NOT under my
control, how can you prevent me from refusing delivery? If you are sending me
my draft notice, or a subpoena, what is to prevent me from seeing the return
address and refusing to accept the message?
(In general, I feel about X.400 the way that Ned and Donald and others feel
about X.500 -- it were founded on a premise that ceased to be operative long
before the systems were deployed, i.e., a centralized Mail Transfer Agent
that was operated by the government or a monopolistic carrier, and could
solve some of the annoying security problems by fiat. Unfortunately, the
emperor clothes are rather drafty.)
Bob
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 Office
1-508-264-0485 Telecommuting