[lug] open port
Peter Hutnick
peter at fpcc.net
Fri Mar 29 22:24:55 MST 2002
On Friday 29 March 2002 05:45 pm, rise wrote:
> On Fri, 29 Mar 2002, Peter Hutnick wrote:
> > To draw a parallel, it is like telnet. It can be used to good
> > effect in some situations, but for the most part it is more of a
> > liability than an asset. The simplest policy is to not use it.
>
> Of course relying on ident for authentication is a risk and it
> shouldn't be used for that purpose. Are you trying to suggest that my
> sending "[mDuZ1/SK35uB/AOYXjdAGCMsIZSItcam]" as a response to an ident
> query is a risk to me? Blindly running a clear-text ident server or
> trusting any ident server is a mistake, but using ident properly
> isn't.
>
> If your "simplest policy" forbids me accomplishing something useful in
> a way that violates no standards and puts me at no risk, why should I
> follow it?
I must not have been clear that I was talking about /mis/using ident by
relying on it for authentication.
The situation with telnet is the same: it is perfectly reasonable to use it
on a (truly) secure network. But, for the most part, it makes more sense to
just not use it.
OTOH, if you use it sensibly and find value in it, I am certainly not trying
to talk you out of it.
You aren't the only one who read me this way. Maybe it isn't common
knowledge that some admins trust ident's replies (from both unknown and
trusted servers) to make security decisions. Maybe the confusion is that
you guys have a level of faith in your fellow admins (and remember everyone
with a 386+ is potentially a UNIX admin these days) that makes you skeptical
of this. ;-)
Sorry to cause confusion.
-Peter
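As an added example (not code from Peter's or rise's posts), here is a Python sketch of the "using ident properly" pattern the thread argues about: the responder answers an RFC 1413 query with an opaque HMAC-derived token instead of a login name, keeps its own token-to-user log for the operator, and the querying side parses the reply strictly as an unverified claim by the remote host. The secret, usernames and port numbers are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed secret for this example; a real responder would load it from
# protected configuration rather than hard-code it.
SERVER_SECRET = b"constructed-example-secret"
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
PORT_PAIR = re.compile(r"^(\d{1,5})\s*,\s*(\d{1,5})$")
TOKEN_LOG = {}  # token -> username, kept only on the responding host

def opaque_token(server_port, client_port, username, secret=SERVER_SECRET):
    """Derive a per-connection token from the username with an HMAC so the
    reply reveals nothing to the querier but stays resolvable by the operator."""
    msg = f"{server_port},{client_port},{username}".encode()
    token = "[" + hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32] + "]"
    TOKEN_LOG[token] = username
    return token

def build_reply(server_port, client_port, username):
    """RFC 1413 USERID reply; opsys OTHER marks the id as not a login name."""
    token = opaque_token(server_port, client_port, username)
    return f"{server_port} , {client_port} : USERID : OTHER : {token}\r\n"

def resolve_token(token):
    """Operator-side lookup: map a token from an abuse report back to a user."""
    return TOKEN_LOG.get(token)

def parse_reply(line):
    """Parse an RFC 1413 reply line. Everything returned is asserted by the
    remote host and verified by nobody, so it is never an authentication."""
    fields = [f.strip() for f in line.rstrip("\r\n").split(":", 3)]
    m = PORT_PAIR.match(fields[0])
    if not m or not all(1 <= int(p) <= 65535 for p in m.groups()):
        raise ValueError("malformed port pair")
    ports = (int(m.group(1)), int(m.group(2)))
    if len(fields) == 4 and fields[1] == "USERID":
        return {"ports": ports, "kind": "USERID", "opsys": fields[2], "user_id": fields[3]}
    if len(fields) == 3 and fields[1] == "ERROR" and (
            fields[2] in ERROR_TYPES or fields[2].startswith("X-")):
        return {"ports": ports, "kind": "ERROR", "error": fields[2]}
    raise ValueError("malformed ident reply")

def is_well_formed(line):
    """True if the line parses as an RFC 1413 reply, False otherwise."""
    try:
        parse_reply(line)
        return True
    except ValueError:
        return False
```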