[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG

On Fri, Nov 22, 2002 at 12:55:07AM +0100, Josselin Mouette wrote:
> What if the attacker can intercept the messages ? He can prevent a
> message from being sent, and keep it for another day. Seeing your
> computer doesn't halt, you resend the message, and the attacker has 30
> days to use what he has stolen.
> A secure way to handle this would be a challenge/response
> authentification, or a system similar to SSH's one-time passwords.

No, I think it is an inherent problem with using E-Mail for such things.

As long as E-Mail is used, the possibility exists that the E-Mail will
get delayed.

If the E-Mail gets delayed it is not possible to cancel it, it has
already been sent.

An E-Mail could go missing due to bad mail configuration, could get
delayed due to a link going down, or deliberately (for example).

When the remote hosts does receive the E-Mail, it has no way of knowing
if the submitter still wants it to be executed or not.

Maybe it might be possible to send a "cancel" or "revoke" message to the
server, but presumably if initial E-Mail got delayed, the cancel/revoke
message would be delayed too.
Brian May <bam@debian.org>

Reply to: