[lug] open port

Riggs, Rob RRiggs at doubleclick.net
Thu Mar 28 13:35:24 MST 2002


I understand your rant. But I do disagree. IDENT is a relic of a more naive
time. Now, when anyone on a workstation has admin rights (my Linux box, the
Win95 box down the hall, etc.) IDENT cannot be trusted for anything.
Furthermore, IDENT came about at a time when most people used timesharing
systems (1984). And it *was* meant to be an authentication protocol. Heck,
prior to 1413, it was called the Authentication Service Protocol[1][2]. And
the original author did intend it to be used as such!  This is why it is
still labeled "auth" in /etc/services and called the AUTH protocol by many.

But my point was that it's useless for even basic identification, especially
for email, since most SMTP conversations are between daemons, and not user
to server. It's completely unnecessary between border MTAs. The "Received"
header is a far more useful tool for LART activation.

-Rob

[1] http://www.faqs.org/rfcs/rfc912.html
[2] http://www.faqs.org/rfcs/rfc931.html
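The point the thread makes, that an IDENT reply is an opaque label chosen by the remote host and not an authentication result, is shown below in an added Python example (not code from this list or its authors): an RFC 1413 reply parser that performs the checks a client can actually do (single line, known shape, port pair echoed) and hands the user-id back untouched. The sample replies are constructed, modelled on the examples in RFC 1413, and the 512-byte cap is a choice made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 1413 reply shapes (one CR LF terminated line):
#   <server-port> , <client-port> : USERID : <opsys> : <user-id>
#   <server-port> , <client-port> : ERROR : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")
_ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_REPLY_LEN = 512  # cap chosen for this example (RFC 1413 bounds the user-id at 512 octets)

@dataclass(frozen=True)
class IdentReply:
    kind: str             # "USERID" or "ERROR"
    opsys: Optional[str]  # e.g. "UNIX"; None for ERROR replies
    token: str            # opaque user-id string, or the error type

def parse_ident_reply(line: str, server_port: int, client_port: int) -> IdentReply:
    """Parse the reply to the query "<server_port>, <client_port>".
    Rejects oversized, multi-line or malformed replies and replies that echo a
    different port pair. The user-id comes back untouched: the remote host chose
    it, so it is a label for that host's admin, never proof of who connected."""
    body = line.rstrip("\r\n")
    if len(body) > MAX_REPLY_LEN or any(c in body for c in "\r\n\0"):
        raise ValueError("oversized or multi-line reply")
    m = _REPLY.match(body)
    if m is None:
        raise ValueError("malformed reply")
    sp, cp, kind, rest = m.groups()
    if (int(sp), int(cp)) != (server_port, client_port):
        raise ValueError("reply echoes a different port pair")
    if kind == "ERROR":
        err = rest.strip()
        if err not in _ERROR_TYPES and not err.startswith("X"):  # X-types are experimental
            raise ValueError(f"unknown error type {err!r}")
        return IdentReply("ERROR", None, err)
    opsys, sep, userid = rest.partition(":")
    if not sep or not userid.strip():
        raise ValueError("USERID reply lacks a user-id field")
    return IdentReply("USERID", opsys.strip(), userid.strip())

if __name__ == "__main__":
    # Constructed replies modelled on RFC 1413's examples. A reply claiming "root"
    # parses exactly like one claiming "stjohns": the protocol gives the client
    # no way to tell a truthful daemon from one under the remote user's control.
    for raw in ("6191, 23 : USERID : UNIX : stjohns\r\n",
                "6191, 23 : USERID : UNIX : root\r\n",
                "6191, 23 : ERROR : NO-USER\r\n"):
        print(parse_ident_reply(raw, 6191, 23))
```

The returned `token` is only useful for the "take it to the remote admin" workflow the thread describes; a mail or access-control decision keyed on it trusts whoever controls the remote box.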

-----Original Message-----
From: rise [mailto:rise at knavery.net]
Sent: Thursday, March 28, 2002 12:54 PM
To: 'lug at lug.boulder.co.us'
Subject: RE: [lug] open port


On Thu, 28 Mar 2002, Riggs, Rob wrote:

> Personally, I think AUTH stinks. It is only valid in a trusted
> environment.
> It made sense when everyone logged in to a central server to read and send
> mail. When 99% of all mail is composed on individual workstations and
> relayed through a central server, it is a waste of bandwidth.

Rant warning (not directed at you, Rob, you're right about using it as
an authentication mechanism):

The Identification Protocol[0] stinks _as an authentication mechanism_
because it isn't one.  It's meant to be an identification mechanism,
in this case something that hands you an opaque token that you can
take to the server admin of the remote site and say "figure out who
this person is and LART them".
