Yes, I am speaking of what would be possible today with a fresh start. The fresh start would also include signatures and encryption as a required part of the design. (If everyone has to have a key, the key management problems would be greatly reduced.)

Steve

On Sep 9, 2013, at 4:36 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:

> On 9/9/2013 1:27 PM, Steve Crocker wrote:
>> Actually, I interpret the chemistry professor's comment in a
>> different light. It would be possible to design a system where:
>>
>> o the standard end user software doesn't facilitate editing the other
>> person's text, and
>>
>> o each piece of text is signed.
>>
>> The result would be a system where a recipient would know whether the
>> person who is alleged to have written a piece of the message actually
>> did so, and the normal mode of use would be to leave things
>> untouched. Or, if you edit someone else's text, it immediately
>> becomes your text.
>
>
> The professor's comment was on function, not method. My comment was on
> the limitations to methods available at the time.
>
> In a controlled environment, with good resources, quite a bit is
> possible. Indeed, server-based "department-level" email products in the
> 1980s did enforce such restrictions. The single-administration servers
> had complete control over the message.
>
> Distribution with independent administrative authorities makes this a
> very different game. Enforcement by fiat is impossible.
>
> That's where signing comes in, of course. Modify the content and the
> signature fails. Besides the computational overhead -- which was
> relatively onerous back when the infrastructure was being established --
> this requires that the receiver know and demand that the signature be
> present; this requirement has its own adoption barriers.
>
> Starting with a blank sheet and today's technologies, the requirement is
> possibly feasible to satisfy -- if we ignore the continuing human
> factors barriers to large scale email authentication. However given the
> resources at the time the operational service was developed, I think it
> wasn't.
>
>
> d/
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net