On 9/9/2013 1:27 PM, Steve Crocker wrote:
Actually, I interpret the chemistry professor's comment in a different light. It would be possible to design a system where: o the standard end user software doesn't facilitate editing the other person's text, and o each piece of text is signed. The result would be a system where a recipient would know whether the person who is alleged to have written a piece of the message actually did so, and the normal mode of use would be to leave things untouched. Or, if you edit someone else's text, it immediately becomes your text.
The professor's comment was on function, not method. My comment was on the limitations to methods available at the time. In a controlled environment, with good resources, quite a bit is possible. Indeed, server-based "department-level" email products in the 1980s did enforce such restrictions. The single-administration servers had complete control over the message. Distribution with independent administrative authorities makes this a very different game. Enforcement by fiat is impossible. That's where signing comes in, of course. Modify the content and the signature fails. Besides the computational overhead -- which was relatively onerous back when the infrastructure was being established -- this requires that the receiver know and demand that the signature be present; this requirement has its own adoption barriers. Starting with a blank sheet and today's technologies, the requirement is possibly feasible to satisfy -- if we ignore the continuing human factors barriers to large scale email authentication. However given the resources at the time the operational service was developed, I think it wasn't. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net