CZ Talk:Moderator Group/Policy decisions: Difference between revisions
imported>Howard C. Berkowitz (New page: ==Email forgery protections== Apologies if I'm inappropriately posting; please delete or move. First, it is possible, although not necessarily easy, to make email highly resistant to forg...) |
imported>Howard C. Berkowitz |
||
Line 12: | Line 12: | ||
If it comes to it, there are also computer forensic methods that are less certain, but can strongly suggest the authenticity of email given a set containing multiple emails, possibly using other contemporaneous communications (e.g., Forum posts). | If it comes to it, there are also computer forensic methods that are less certain, but can strongly suggest the authenticity of email given a set containing multiple emails, possibly using other contemporaneous communications (e.g., Forum posts). | ||
[[User: | [[User: David MacQuigg|Dave MacQuigg]] and [[User: Sandy Harris|Sandy Harris]] are very knowledgable in these areas as well. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 15:01, 31 October 2010 (UTC) |
Revision as of 09:27, 31 October 2010
Email forgery protections
Apologies if I'm inappropriately posting; please delete or move.
First, it is possible, although not necessarily easy, to make email highly resistant to forgery and other security attacks (e.g., replaying the same legitimate message to affect a poll). In general, these techniques are based on digital signatures.
Just as one example, one of the reasons that US medical practices have been reluctant to use email communications is the possibility of fraud. One workaround is to require patients to use the practice's own email client, accessed through their webpage, and with as strong authentication as possible. Invisible from the user is that it create a digital signature of the message.
A step more challenging is to accept mails from user email clients, which carry the appropriate digital signature. Signing plugins are available for most clients, although the free ones aren't necessarily easy to install.
So, it is possible to create a forgery-resistant email.
If it comes to it, there are also computer forensic methods that are less certain, but can strongly suggest the authenticity of email given a set containing multiple emails, possibly using other contemporaneous communications (e.g., Forum posts).
Dave MacQuigg and Sandy Harris are very knowledgable in these areas as well. Howard C. Berkowitz 15:01, 31 October 2010 (UTC)