North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Suggestion for improved identD

  • From: Sean Donelan
  • Date: Fri May 22 16:32:59 1998

>The question here is 'trust'. Why bother using ident in ANY code anymore
>if it can't be trusted? Yet it still is. So move the trust demarcation point
>to where the user has no control over it. Remember, if its a static IP or
>network client, you don't proxy ident requests - since the static IP is the
>demarcation point of trust. They can change their ident, but no matter what,
>their IP or network still stays the same.

The problem is 'indemnification.'  If you want to authenticate or postively
identify the origin of a connection, well I suspect you already know the
answer.

I'm not going to promise just because you received a packet allegdly from
my network, that it originated on my network.  And there is no demarcation
point in the network, outside the portion you directly control, you positively
know the user has no control over.
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation