Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 03/18/1997 15:53:18

[ On Sun, March 16, 1997 at 11:21:14 (-0500), John F. Woods wrote: ]
> Subject: Re: tcp-wrappers, tcpd, and NetBSD
>
> Claiming that identd has nonzero positive value is just as silly as claiming
> that if you close your eyes when typing your password, no one can guess it.
> It's just as dangerous to publicly defend it, too, since the more people
> who believe either of these, the wider the established hole for people who
> know better.

I think the problem with connection ident protocols is that they are not
used by 100% of the Internet. But of course even if they were, the
security (validity and availability, etc.) of system logs would still be
an issue.

Ident information doesn't increase trust, but if done right it can
enable auditability and thus provide increased accountability. Systems
with a need for a high degree of accountability can use the lack of
ident information to reject services, and if they keep good logs can
give this information back to sources of violators to help track them.

In any case, this is way off topic for current-users, and I've now made
this thread even longer with two more messages. Let's agree to
disagree, and if you're not running an identd don't expect to get
services from my machines (I'm considering even dropping un-idented
e-mail connections for this reason, since it'll make tracing spammers a
bit easier and if everyone did this it would make their job much harder
since they'd have to have working DNS and be able to suffer an ident
query for every piece of mail they inject ;-).
--
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>
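
The policy described in the message above (refuse service when no ident information comes back, and log what does come back for later tracing), as an added example that is not part of the original message. The reply syntax follows RFC 1413; the function names, log format and sample replies are constructed for illustration.

```python
import re

# RFC 1413 reply, as sent by the identd on the connecting host:
#   "<its-port> , <our-port> : USERID : <opsys> : <user-id>"
#   "<its-port> , <our-port> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_ident_reply(line, remote_port, local_port):
    """Return the user-id from an ident reply, or None if there is no usable one."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        return None                       # malformed reply
    if (int(m.group(1)), int(m.group(2))) != (remote_port, local_port):
        return None                       # reply describes some other connection
    if m.group(3) == "ERROR":
        return None                       # NO-USER, HIDDEN-USER, INVALID-PORT, ...
    # Everything after the opsys field is the user-id and may itself contain
    # colons. Trimming the surrounding blanks is a simplification for logging.
    _opsys, sep, user = m.group(4).partition(":")
    user = user.strip()
    return user if sep and user else None

def admit(peer_ip, remote_port, local_port, reply_line):
    """No ident, no service. Returns (allowed, audit_log_record).

    The user-id is whatever the remote host asserts: it is recorded for
    accountability, not treated as authentication. repr() keeps control
    characters in a hostile user-id from forging extra log lines.
    """
    user = None
    if reply_line is not None:            # None models a timeout or refused query
        user = parse_ident_reply(reply_line, remote_port, local_port)
    verdict = "accept" if user is not None else "reject"
    record = (f"{verdict} peer={peer_ip}:{remote_port} "
              f"local_port={local_port} ident={user!r}")
    return user is not None, record

# Constructed sample replies for an inbound SMTP connection from 192.0.2.10:40123.
SAMPLES = [
    "40123, 25 : USERID : UNIX : alice\r\n",
    "40123, 25 : ERROR : NO-USER\r\n",
    "40124, 25 : USERID : UNIX : alice\r\n",   # port pair does not match
    None,                                       # no identd answered
]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(admit("192.0.2.10", 40123, 25, reply)[1])
```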