Signature Verification Before Opening
Thomas Wadner
mathese@eoni.com
Wed May 15 18:22:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings Group,
I was glad to read the thread on signing emails as a way to help
prevent spoofed email. In the same sense this can be applied to help
stop virii that are linked to attachements. Since virii can't sign
an email (unless you cache your passphrase or set it to auotmatically
do) if the email is not signed you can assume it is unsafe untill you
can verify that it was really sent. At this point of know of no
virii that can be spread just by being sent to a person (as of yet)
and it would seem to me that it would first have to be 'read' by some
program in the computer before it could be activated. Now, I'm just
a high school student so my knowledge is not real extensive, but
wouldn't be feasible - and wise - to have a program (or script) that
verify signatures _before_ they are opened, or for that matter even
downloaded to the computer? It would seem to me for Unix based
systems this could be incorporated into iptables or a tcpwrapper. A
rule based system as far as rejecting, or quarintines? Perhaps even
an automessage sent back to the person saying: The message sent on [
] with the subject [ ] has been rejected due to an invalid
signature... etc
I'm not sure on the standars of iptables (and similar) so it might
have to be a seperate program.
Any thoughts on the feasbility of this at this time?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.5
Comment: For info see http://www.gnupg.org
iD8DBQE84osb/ySIBC4iChMRAkDOAJ9EM2G7GRLMKvDbwRFTS0PTcpGZ2ACdHQQp
o999I9gxRRuAdhiSoxvEosg=
=vqir
-----END PGP SIGNATURE-----