Re: Security statement

Jason Williams (streak@ccwf.cc.utexas.edu)
Tue, 2 Dec 1997 01:10:28 -0600 (CST)


On Mon, 1 Dec 1997, Robert Hsiung wrote:
> Copies of e-mail might be saved on computers en route, and though it is
> understood that the privacy of e-mail should be respected, people with
> access (authorized or not) to those files would have access to the contents
> of those e-mails.

Wow..that's news to me...I didn't know email was saved on the routers
while it was on its way to its destination. Of course, I'm no expert on
SMTP. From my limited knowledge, routers just route traffic to and from
computers on the internet. They aren't concerned with the type of data
it's transporting. (At least not until IPv6..with bandwidth management
and specs for priority)

> Logs of the senders and recipients of e-mail may also be
> kept.

I doubt routers keep logs of senders and recipients of email..I don't even
think they have the capability to do that. The lists of senders and
recipients can also be easily found out in unix with "mailq"

> With CU-SeeMe, however, data is not saved en route and logs of
> transmissions are not kept.

The difference I see between email and CU-SeeMe traffic is that CU-SeeMe
traffic is real-time. You won't have CU sessions bounce back like with
email. If your packets can't reach an IP you are sending to, they are
simply lost and not recovered. Email (sendmail and SMTP anyway...not sure
about POP3) is TCP based, not UDP based like CU-SeeMe.

> Regular mail and telephone conversations might potentially be intercepted
> during the process of transmission. This is also true of Internet-based
> communications, even when they are not saved en route. Access to
> intermediary computers, as well as relatively sophisticated software,
> would, however, be required.

Software which, as far as I know, has yet to be written and will probably
never be written due to the extremely limited use of it.

> Videoconferences must be segmented and
> digitized in order to be transmitted, so even if intercepted, they still
> would need to be re-transformed into audiovisual data and re-assembled in
> the correct sequence.

That's true of any application that uses TCP/IP. It's segmented into
packets and would have to be re-assembled at the destination for it to be
of any use to anyone. Email is segmented into packets as well and would
require re-assembling for it to make much sense...though Email isn't
usually encrypted and it's character based, so intercepting text messages
wouldn't be nearly as hard. (Kind of like the packet sniffers which sniff
out passwords on recently opened telnet sessions)

--
streak@ccwf.cc.utexas.edu    * Jason Williams -- Austin, Tx.  |     |
streak@mail.utexas.edu       * University of Texas at Austin  | ___ |
streak@cs.utexas.edu         * BS Computer Science             \_|_/
*************** http://ccwf.cc.utexas.edu/~streak/ **************|