Hello, Frank...

Nov 30, 2002 at 13:17, Frank Vest wrote to Michael Gothreau:

 FV> Even internet e-mail requires passwords... and for the same reasons.

Not in the same sense the FidoNet uses them. Individual user accounts may
have passwords, but there is no password exchange when two systems exchange
mail using SMTP. The most that happens, so far as I know, is that the
systems do a reverse lookup to make sure that the IP address and the host
name match. The receiving system also knows whether or not to accept mail
based on the connecting host name, and what to do with it based upon the
destinations of the individual messages; but I think that's about it.

 FV> Without passwords in place, it is very easy to "drop" a
mail bundle 
 FV> in
 FV> someone's inbound and it be tossed with other mail. The other 
 FV> security
 FV> that is used in Fidonet is to have two inbound directories. One is 
 FV> for
 FV> secure (passworded) sessions and the other for insecure.

 FV> Netmail, in and of itself, is not secure. I can generally send a
 FV> Netmail (dial-up or IP, assuming you have both) to you even though I
 FV> don't have a password with me. If I attach a mail bundle to that
 FV> message, your tosser might just toss it without question (depending 
 FV> on
 FV> your setup). :-)

That's true, and the simplest way of bombing someone's system is to send
them an archived bundle that expands to a few gigabytes of zeroes.

Regards,

Jerry Schwartz

mailto:jerryschwartz{at}comfortable.com
http://www.writebynight.com

--- Msged/NT 6.0.1