IFX Mail Archive: RE: Authentication of Senders in IFAX

IFX Mail Archive: RE: Authentication of Senders in IFAX

RE: Authentication of Senders in IFAX

Nick Webb (nwebb@auco.com)
Mon, 1 Mar 1999 13:04:07 -0700

Don, Carl-Uno,
GSTN fax uses the CSID string to identify the user, but that's user-entered
so it's child's play to fake the sender. Yes, you can also fake an email
address, but that's more difficult (but still relatively easy). Why would
there be a *requirement* to authenticate with IPP2IFAX other than it would
be an improvement over the other methods?
Cheers,
Nick

cmanros@cp10.es.xerox.com on 03/01/99 10:01:04

To: don@lexmark.com
cc: ifx@pwg.org (bcc: Nick Webb/AUCO/US)
Subject: RE: Authentication of Senders in IFAX

Don,

I was just trying to make a point that when sending fax over email is
extremely easy to fake the sender identity.

The dduck address for Donald Duck actually works and shows up in my private
mailbox.

Carl-Uno

> -----Original Message-----
> From: don@lexmark.com [mailto:don@lexmark.com]
> Sent: Friday, February 26, 1999 4:26 AM
> To: cmanros@cp10.es.xerox.com
> Subject: Authentication of Senders in IFAX
>
>
> Who is this on your domain?
>
> **********************************************
> * Don Wright don@lexmark.com *
> * Director, Strategic & Technical Alliances *
> * Lexmark International *
> * 740 New Circle Rd *
> * Lexington, Ky 40550 *
> * 606-232-4808 (phone) 606-232-6740 (fax) *
> **********************************************
>
>
> ---------------------- Forwarded by Don Wright/Lex/Lexmark on
> 02/26/99 07:27 AM
> ---------------------------
>
> dduck%manros.com@interlock.lexmark.com on 02/25/99 03:35:14 AM
>
> Please respond to dduck%manros.com@interlock.lexmark.com
>
> To: ifx%pwg.org@interlock.lexmark.com
> cc: masinter%parc.xerox.com@interlock.lexmark.com (bcc: Don
> Wright/Lex/Lexmark)
> Subject: Authentication of Senders in IFAX
>
>
>
>
> Hi,
>
> The Goals draft talks about the requirement to authenticate
> senders and
> recipients.
>
> What kind of security will be needed to actually provide this?
>
> This also raises the question about how authentication is
> made in Simple
> Mode Fax today?
>
> Regards,
>
> Don
>
>
>
>
>