North American Network Operators Group

Re: Suggestion for improved identD

  • From: Edward S. Marshall
  • Date: Fri May 22 23:23:58 1998

On Thu, 21 May 1998, Tom Perrine wrote:
>     The desire here is essentially for a real-time authentication for
>     ad-hoc users from administrative domains over which you have no
>     control, which you may not "trust", and for which the user
>     identification (username/"nick") AND the IP address are selected
>     either by the user (the nick) or by the domain (dynamic IP
>     addresses).

Not authenticate. Authenticate would imply that the data being returned is
reliable.

All I think that people are asking for here is a unique identifier of that
user, that can be depended upon to return the same result every time a
query regarding that user is sent. That's all. It doesn't need to be a
username, or anything personally identifying; in fact, it -should- be
something obscure...the idea to use a hash of the username, for instance. 
Just something that uniquely identifies the user between sessions to
remote networks.

Using ident might be a poor choice for this, because of some people
wanting to operate their own ident mechanisms. Perhaps a new scheme, which
from the outset is "blessed" to be intercepted as it passes through a
terminal server, would be more politically correct.

>     What I don't understand is why you can't just present the IP
>     address, and the time of the mis-behavior to the network owners;

Laziness and lack of tools on the part of many ISPs. While a timestamp and
IP address can reliably and uniquely identify a user to an ISP, it can't
do so all by itself...someone at the ISP needs to take the time to
correlate that IP address and timestamp in logs.

Many ISPs, as unfortunate as it is, have no tools to perform quick lookups
like this. Thus, many complaints may fall on deaf ears, due to the
unwillingness of the ISP to investigate them (which in turn is due to
their lack of tools or skills to retrieve this information quickly).

Not that it's an excuse. But it's a rationale.

-- 
-------------------.  emarshal at logic.net  .---------------------------------
Edward S. Marshall  `-----------------------'   http://www.logic.net/~emarshal/

   Linux labyrinth 2.1.101 #2 SMP Sun May 10 22:34:20 GMT 1998 i586 unknown
       10:05pm up 1 day, 23:10, 3 users, load average: 0.01, 0.03, 0.00
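
Added example, not part of the original message: a small lookup of the kind the post says many ISPs lack, resolving a complaint's IP address and timestamp against dial-up session records and answering with a stable opaque token rather than a username. The session records, the key and all function names are constructed for illustration, and the token uses a keyed hash (HMAC-SHA256) instead of the plain username hash mentioned in the thread, so it cannot be reversed by hashing guessed usernames.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample accounting records (not from the original message):
# (username, assigned IP, session start, session stop or None if still up).
SESSIONS = [
    ("alice", "192.0.2.17", "1998-05-21T18:00:00", "1998-05-21T19:30:00"),
    ("bob",   "192.0.2.17", "1998-05-21T19:31:10", "1998-05-21T22:05:00"),
    ("carol", "192.0.2.44", "1998-05-21T21:00:00", None),
]

# Hypothetical per-ISP secret; keeps the token from being a guessable
# plain hash of a username.
ISP_KEY = b"constructed-example-key"


def _ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def opaque_id(username, key=ISP_KEY):
    """Stable, non-identifying token: same user gives the same token every session."""
    return hmac.new(key, username.encode(), hashlib.sha256).hexdigest()[:16]


def who_had(ip, when, sessions=SESSIONS):
    """Return usernames whose session held `ip` at time `when` (UTC ISO string)."""
    t = _ts(when)
    hits = []
    for user, addr, start, stop in sessions:
        if addr != ip:
            continue
        end = _ts(stop) if stop else None  # None: session still open
        if _ts(start) <= t and (end is None or t <= end):
            hits.append(user)
    return hits


def complaint_lookup(ip, when):
    """Map an (IP, timestamp) complaint to opaque tokens; [] means no match."""
    return [opaque_id(u) for u in who_had(ip, when)]


if __name__ == "__main__":
    print(complaint_lookup("192.0.2.17", "1998-05-21T20:00:00"))
```

The same dynamic address maps to different users minutes apart, so the lookup is only as good as the clock agreement between the complainant and the ISP's logs.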