Re: ``WHY TAP?'': A White Paper
Theodore Ts'o <tytso@athena.mit.edu> Fri, 14 August 1992 17:58 UTC
Received: from ietf.nri.reston.va.us by IETF.NRI.Reston.VA.US id aa04627; 14 Aug 92 13:58 EDT
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa04623; 14 Aug 92 13:58 EDT
Received: from ietf.NRI.Reston.Va.US by NRI.Reston.VA.US id aa14464; 14 Aug 92 13:59 EDT
Received: from ietf.nri.reston.va.us by IETF.NRI.Reston.VA.US id aa04615; 14 Aug 92 13:58 EDT
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa04611; 14 Aug 92 13:58 EDT
Received: from TSX-11.MIT.EDU by NRI.Reston.VA.US id aa14454; 14 Aug 92 13:59 EDT
Received: by tsx-11.MIT.EDU with sendmail-5.61/1.2, id AA18996; Fri, 14 Aug 92 13:58:57 -0400
Date: Fri, 14 Aug 1992 13:58:57 -0400
From: Theodore Ts'o <tytso@athena.mit.edu>
Message-Id: <9208141758.AA18996@tsx-11.MIT.EDU>
To: "Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu>
Cc: ident@NRI.Reston.VA.US
In-Reply-To: Daniel J. Bernstein's message of Thu, 13 Aug 92 18:56:49 +0100, <9208132256.AA01045@KRAMDEN.ACF.NYU.EDU>
Subject: Re: ``WHY TAP?'': A White Paper
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
Date: Thu, 13 Aug 92 18:56:49 +0100 From: "Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu> > At their heart they are based > on the assumption that a host running a TAP server is trying to benefit > the rest of the community. In fact the benefits of a TAP server _accrue > to the host running the server_. This theme will show up again in the > examples below. As long as you are willing to state that the fact that a host running a TAP server has *no* (or negligible) benefit to the rest of the community, I would be willing to agree with the statement that runing a TAP server *may* have some benefit to the host running the server. Given this, though, it is completely unacceptable for a server to deny a connection service based merely on the absence or presense of a server on port 113. Perhaps there should be something like that in the draft? network problems. In particular, it completely stops the problem of above-TCP mail forgery. Anyone can send an anonymous message (through the post office if all else fails!), but, with TAP, normal users on your machine can't send messages which look like they came from other users. No, it does not stop the problem of above-TCP mail forgery. It means that after the fact, if you think someone from your site has forged mail, you will be able to figure out whodunit after the fact. Remember, people may be responding with encrypted tokens, so you won't be able to use this to stop TCP mail forgery. Again, the rest of the community does not benefit from a host running the ident protocol, because they have no way of knowing whether or not the host is actually sending back real usernames or not. - Ted
- ``WHY TAP?'': A White Paper Daniel J. Bernstein
- Re: ``WHY TAP?'': A White Paper Theodore Ts'o
- Re: ``WHY TAP?'': A White Paper Anders Andersson
- Re: ``WHY TAP?'': A White Paper Theodore Ts'o
- Re: ``WHY TAP?'': A White Paper Anders Andersson
- Re: ``WHY TAP?'': A White Paper Peter Eriksson
- Re: ``WHY TAP?'': A White Paper Daniel J. Bernstein
- Re: ``WHY TAP?'': A White Paper Daniel J. Bernstein