Re: Security statement

ike relucio (ike_relucio@cyberdude.com)
Tue, 2 Dec 1997 22:40:29 +0800


actually, if we check the mail headers that come with our e-mail, there are
several lines that begin with "Received from ..." and states the name of a
server. Working downwards from the first "Received from" line, it is
possible to trace the path the the e-mail took from sender to receiver.

So I guess it may be possible that e-mail gets saved in computers en-route
to us. But then I wouldn't be tpp worried about that since the same laws
that would prevent your mailman from reading your snail mail probably
applies to e-mail as well.

-----Original Message-----
From: Jason Williams <streak@ccwf.cc.utexas.edu>
To: CU-SEEME-L@cornell.edu <CU-SEEME-L@cornell.edu>
Date: Tuesday, December 02, 1997 4:55 PM
Subject: Re: Security statement

>On Mon, 1 Dec 1997, Robert Hsiung wrote:
>> Copies of e-mail might be saved on computers en route, and though it is
>> understood that the privacy of e-mail should be respected, people with
>> access (authorized or not) to those files would have access to the
contents
>> of those e-mails.
>
>Wow..that's news to me...I didn't know email was saved on the routers
>while it was on its way to its destination. Of course, I'm no expert on
>SMTP. From my limited knowledge, routers just route traffic to and from
>computers on the internet. They aren't concerned with the type of data
>it's transporting. (At least not until IPv6..with bandwidth management
>and specs for priority)
>
>> Logs of the senders and recipients of e-mail may also be
>> kept.
>
>I doubt routers keep logs of senders and recipients of email..I don't even
>think they have the capability to do that. The lists of senders and
>recipients can also be easily found out in unix with "mailq"
>
>> With CU-SeeMe, however, data is not saved en route and logs of
>> transmissions are not kept.
>
>The difference I see between email and CU-SeeMe traffic is that CU-SeeMe
>traffic is real-time. You won't have CU sessions bounce back like with
>email. If your packets can't reach an IP you are sending to, they are
>simply lost and not recovered. Email (sendmail and SMTP anyway...not sure
>about POP3) is TCP based, not UDP based like CU-SeeMe.
>
>> Regular mail and telephone conversations might potentially be intercepted
>> during the process of transmission. This is also true of Internet-based
>> communications, even when they are not saved en route. Access to
>> intermediary computers, as well as relatively sophisticated software,
>> would, however, be required.
>
>Software which, as far as I know, has yet to be written and will probably
>never be written due to the extremely limited use of it.
>
>> Videoconferences must be segmented and
>> digitized in order to be transmitted, so even if intercepted, they still
>> would need to be re-transformed into audiovisual data and re-assembled in
>> the correct sequence.
>
>That's true of any application that uses TCP/IP. It's segmented into
>packets and would have to be re-assembled at the destination for it to be
>of any use to anyone. Email is segmented into packets as well and would
>require re-assembling for it to make much sense...though Email isn't
>usually encrypted and it's character based, so intercepting text messages
>wouldn't be nearly as hard. (Kind of like the packet sniffers which sniff
>out passwords on recently opened telnet sessions)
>
>--
>streak@ccwf.cc.utexas.edu * Jason Williams -- Austin, Tx. | |
>streak@mail.utexas.edu * University of Texas at Austin | ___ |
>streak@cs.utexas.edu * BS Computer Science \_|_/
>*************** http://ccwf.cc.utexas.edu/~streak/ **************|
>