Re: ``WHY TAP?'': A White Paper

["Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu>]

In message <9208141758.AA18996@tsx-11.MIT.EDU> you write:
> As long as you are willing to state that the fact that a host running a
> TAP server has *no* (or negligible) benefit to the rest of the
> community, I would be willing to agree with the statement that runing a
> TAP server *may* have some benefit to the host running the server.

Ted, we're talking about security. Surely two security experts who can
define their terms and who consider the same situation will come to the
same conclusion. It's not a question of what one person is ``willing to
state''; it's a question of what's true. Truth, not facts.

> Given this, though, it is completely unacceptable for a server to deny a
> connection service based merely on the absence or presense of a server
> on port 113.

Don't be silly. In the Compart-A-Host situation it is essential that any
connection without username information be rejected.

>    network problems. In particular, it completely stops the problem of
>    above-TCP mail forgery. Anyone can send an anonymous message (through
>    the post office if all else fails!), but, with TAP, normal users on your
>    machine can't send messages which look like they came from other
>    users.
> No, it does not stop the problem of above-TCP mail forgery.

The problem is that a normal user, without violating security policy in
any other way, can send messages which look like they came from other
users. This is what I, and anyone else who has to deal with the problem
in the real world, call ``the problem of above-TCP mail forgery.'' TAP
stops this problem.

What, pray tell, do you mean by ``mail forgery,'' if not this problem?

---Dan