Newsgroups: alt.security From: Mark Crispin Subject: more Bernstein on SMTP tracing Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: Sender: news@u.washington.edu (USENET News System) Organization: University of Washington Mime-Version: 1.0 Date: Wed, 6 May 1992 06:13:20 GMT Lines: 16 Bernstein is still clueless. A user on a personal workstation A can send mail to RFC-931 machine B that, to all appearances, is RFC-931 authenticated mail on RFC-931 machine C. I don't know about NYU, but we have a gaggle of personal machines in computer labs and offices. We haven't determined any way to guarantee such complete control over these machines that nobody, on any machine, at any time, can ever run evil software. Perhaps some university in Peking can do it, but we can't afford to have machine-gun armed security guards sitting watch over each box and every metre of coax, fiber, and twisted pair. Plug'n'play software to do such things exists. Fortunately, it is kept under very tight control. You won't find it on any FTP server. -- Mark -- (that's Mark with a `k', not a `c')