Date:      Fri, 09 Apr 1999 23:35:25 -0600
From:      Wes Peters <wes@softweyr.com>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Interesting problem: chowning files sent via FTP
Message-ID:  <370EE31D.E6A8B0EC@softweyr.com>
References:  <4.2.0.32.19990409184654.045424d0@localhost> <4.2.0.32.19990409223443.0451c100@localhost> <4.2.0.32.19990409234113.04621730@localhost>

Brett Glass wrote:
> 
> At 10:19 PM 4/9/99 -0600, Wes Peters wrote:
> 
> >One of these days somebody needs to actually implement a mailer that
> >supports the "external reference" capability of MIME.  You know, you
> >attach a huge file to a mail message, and rather than sending the
> >file base64 encoded through the email system it sticks it on a secure
> >public server along with a list of who you've sent it to and an expiration
> >date.  The public server will allow only those who were sent the file to
> >retrieve it.  Once everyone has accessed the file OR the expiration date
> >has been reached, the file is quietly deleted from the public server.
> 
> I like that idea. The only trick would be authenticating the users who
> went to the public drop to pick up the file. You'd need to give them unique
> keys which they'd have to decode with some secret they had.... Perhaps
> their RSA private keys. And then re-encrypt with the repository's public
> key. Hmmm. This gets complicated.

I think the idea was to generate a one-time key that was transported in
the MIME header, with the idea that the document itself would be
encrypted if it contained sensitive information.  The combination of
the key and your RSA encryption suffice for authentication, and using
the sender's public key authenticates the sender to the recipient.  It's
basically the PGP scheme all over again, where the doubly encrypted 
data this time is an access key rather than an encryption secret.  You
could, of course, use the access key as an encryption secret as well.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
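
Added example, not part of the original message or of any existing mailer: a minimal sketch of the drop server discussed in this thread, with per-recipient one-time access keys, an expiration date, and quiet deletion once every recipient has fetched the file or the date has passed. The FileDrop class and its method names are hypothetical; encrypting each key to its recipient and carrying it in the MIME header is assumed to happen at the mail layer and is not shown.

```python
import hashlib
import hmac
import secrets
import time


class FileDrop:
    """In-memory stand-in for the "secure public server" (hypothetical names)."""

    def __init__(self):
        self._drops = {}  # drop_id -> {"data", "expires", "pending"}

    def deposit(self, data, recipients, ttl_seconds, now=None):
        """Store data; return (drop_id, {recipient: one-time access key})."""
        now = time.time() if now is None else now
        drop_id = secrets.token_urlsafe(16)
        keys = {r: secrets.token_urlsafe(32) for r in recipients}
        # Keep only digests, so leaked server state does not reveal usable keys.
        pending = {r: hashlib.sha256(k.encode()).digest() for r, k in keys.items()}
        self._drops[drop_id] = {"data": data, "expires": now + ttl_seconds,
                                "pending": pending}
        return drop_id, keys

    def retrieve(self, drop_id, recipient, key, now=None):
        """Return the data once per recipient; None on any failure."""
        now = time.time() if now is None else now
        drop = self._drops.get(drop_id)
        if drop is None:
            return None
        if now >= drop["expires"]:
            del self._drops[drop_id]  # expiration date reached: delete quietly
            return None
        expected = drop["pending"].get(recipient)
        offered = hashlib.sha256(key.encode()).digest()
        # Constant-time comparison of the offered key against the stored digest.
        if expected is None or not hmac.compare_digest(expected, offered):
            return None
        del drop["pending"][recipient]  # the access key is one-time
        data = drop["data"]
        if not drop["pending"]:
            del self._drops[drop_id]  # everyone has accessed the file
        return data

    def exists(self, drop_id):
        """True while the server still holds the file."""
        return drop_id in self._drops
```
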