From owner-freebsd-hackers  Sun Jul 11  1: 0:32 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id D10F714E89; Sun, 11 Jul 1999 01:00:20 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id JAA15467;
	Sun, 11 Jul 1999 09:58:52 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199907110758.JAA15467@gratis.grondar.za>
To: chris@calldei.com
Cc: Ben Rosengart <ben@skunk.org>,
	"Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: a BSD identd 
Date: Sun, 11 Jul 1999 09:58:51 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>    The whole point of ident was -- and still is -- to
> authenticate or verify who created a specific TCP connection.  If
> the machine is untouched (i.e., has not had the root account
> compromised), then ident responses are usually trustworthy
> enough.  It is generally not applicable to single user operating
> systems like Windows, Mac OS, or DOS.

...in other words it is not applicable to the vast majority
of operating systems where it is used.

Where is ident used? Predominantly with IRC, with a minority holding
in tcp_wrappers and mail servers. In a "hard" wrapping environment,
by the time you need ident, it is most likely compromised.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message