Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 03/16/1997 09:42:24
> [Proposed alternative to identd] [...], leaves the choice of whether
> to disclose the identity of the accused to the user's sysadmin, [...]

identd already does this - or at least one pidentd I saw did; all you
need to do is turn on the option to make it return encrypted tokens
instead of plain usernames or UIDs.  This provides protection against
user ID disclosure, protection against forged complaints, and
protection against traffic analysis by associating one connection with
another via identity of pidentd responses.  (Of course, it also means
that remote sites cannot ban-by-user, which is the flip side of the
last item.)

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
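
The three properties named in the message above, sketched as an added example; it is not part of the original post and is not pidentd's actual token format. The key, the record layout, the function names, and the HMAC-SHA256 keystream standing in for the daemon's cipher are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os, struct, time

# Constructed demo key; a real daemon would read it from a root-only key file.
KEY = hashlib.sha256(b"constructed demo key").digest()
ENC_KEY = hmac.new(KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(KEY, b"mac", hashlib.sha256).digest()
FMT = "!IIHH"  # hypothetical layout: timestamp, uid, local port, remote port
SIZE = struct.calcsize(FMT)

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode, standing in for the daemon's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def make_token(uid, lport, rport, now=None):
    """Encrypt-then-MAC the record; a fresh nonce makes every token differ."""
    nonce = os.urandom(12)
    plain = struct.pack(FMT, int(time.time() if now is None else now), uid, lport, rport)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(nonce, SIZE)))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()[:16]
    return "[" + base64.b64encode(nonce + ct + tag).decode() + "]"

def open_token(token):
    """Sysadmin side: return (timestamp, uid, lport, rport), or None if not ours."""
    try:
        raw = base64.b64decode(token.strip("[]"), validate=True)
    except ValueError:
        return None
    if len(raw) != 12 + SIZE + 16:
        return None
    nonce, ct, tag = raw[:12], raw[12:12 + SIZE], raw[12 + SIZE:]
    expect = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None  # forged or altered complaint evidence
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(nonce, SIZE)))
    return struct.unpack(FMT, plain)

def ident_reply(lport, rport, uid):
    # RFC 1413 reply with opsys OTHER, carrying the opaque token as the user-id.
    return f"{lport} , {rport} : USERID : OTHER : {make_token(uid, lport, rport)}"
```

Two replies for the same user never match, so a remote site can neither link connections nor ban by user, while the key holder can still decode a token quoted in a complaint and reject one that was made up.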