nanog mailing list archives
Re: Suggestion for improved identD
From: Sean Donelan <SEAN () SDG DRA COM>
Date: Fri, 22 May 1998 15:22:37 -0500
The question here is 'trust'. Why bother using ident in ANY code anymore if it can't be trusted? Yet it still is. So move the trust demarcation point to where the user has no control over it. Remember, if it's a static IP or network client, you don't proxy ident requests - since the static IP is the demarcation point of trust. They can change their ident, but no matter what, their IP or network still stays the same.
The problem is 'indemnification.' If you want to authenticate or positively identify the origin of a connection, well I suspect you already know the answer. I'm not going to promise just because you received a packet allegedly from my network, that it originated on my network. And there is no demarcation point in the network, outside the portion you directly control, you positively know the user has no control over.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation