Date: Fri, 09 Apr 1999 23:35:25 -0600 From: Wes Peters <wes@softweyr.com> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Interesting problem: chowning files sent via FTP Message-ID: <370EE31D.E6A8B0EC@softweyr.com> References: <4.2.0.32.19990409184654.045424d0@localhost> <4.2.0.32.19990409223443.0451c100@localhost> <4.2.0.32.19990409234113.04621730@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote: > > At 10:19 PM 4/9/99 -0600, Wes Peters wrote: > > >One of these days somebody needs to actually implement a mailer that > >supports the "external reference" capability of MIME. You know, you > >attach a huge file to a mail message, and rather than sending the > >file base64 encoded through the email system it sticks it on a secure > >public server along with a list of who you've sent it to and an expiration > >date. The public server will allow only those who were sent the file to > >retrieve it. Once everyone has accessed the file OR the expiration date > >has been reached, the file is quietly deleted from the public server. > > I like that idea. The only trick would be authenticating the users who > went to the public drop to pick up the file. You'd need to give them unique > keys which they'd have to decode with some secret they had.... Perhaps > their RSA private keys. And then re-encrypt with the repository's public > key. Hmmm. This gets complicated. I think the idea was to generate a one-time key that was transported in the MIME header, with the idea that the document itself would be encrypted it if contained sensitive information. The combination of the key and your RSA encryption suffice for authentication, and using the senders public key authenticates the sender to the recipient. It's basically the PGP scheme all over again, where the doubly encrypted data this time is an access key rather than an encryption secret. You could, of course, use the access key as an encryption secret as well. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?370EE31D.E6A8B0EC>