Comments on Ident server draft

Hank Nussbacher <HANK%VM.TAU.AC.IL@taunivm.tau.ac.il> Tue, 09 June 1992 13:47 UTC

Date: Tue, 09 Jun 1992 16:47:36 -0000
From: Hank Nussbacher <HANK%VM.TAU.AC.IL@taunivm.tau.ac.il>
Subject: Comments on Ident server draft
To: ident@nri.reston.va.us
Message-ID: <9206090946.aa09181@NRI.Reston.VA.US>

>Network Working Group                                       Mike StJohns
>Request for Comments:                                                DOD
>Supersedes: RFC912, RFC931                                     June 1992
>
>			Identification Server
>   USERID
>
>      In this case, <additional-info> is a string consisting of an
>      operating system name (with an optional character set
>      identifier), followed by a ":", followed by identification
>      string.
>
>      The character set (if present) is separated from the operating
>      system name by "///".  The character set identifier is used to
>      indicate the character set of the identification string.  If a
>      character set identifier is omitted, the identification string
>      is assumed to be in "NVT-ASCII" (exception - see OCTET below).
>
>      Permitted operating system names and character set names are
>      specified in RFC-1060, "Assigned Numbers" or its successors.
>
>      [Note that "Assigned Numbers" does not currently list character
>      set names but should eventually include them both as a source
>      for this protocol and as the result of the work of the MIME
>      mail extensions working group.]
>
>      A particular operating system identifier implies a specific
>      consistent format for the user identification string.  E.g.
>      "UNIX" implies an 8 character user id.  An Ident server must use
>      an operating system identifier of "OTHER" if it returns a user
>      identification string which is not properly formatted (e.g.
>      "Michael StJohns, DOD, Analyst" is an invalid UNIX user id) -
>      see below.
>
>      This document defines a user identifier format only for one
>      operating system type - "UNIX".  A "UNIX" identifier consists of
>      up to 8 printable characters (in the specified character set)
>      not including white space (SPC, TAB) or carriage motion
>      characters (CR, LF, FF).  Other formats will be published later
>      as necessary.

Why not try to publish it with the RFC?  We all know that 4-5
operating systems cover about 95% of the connected systems.  Why
not define now: VMS, VM, MVS, etc.?  VM has the same definition as
Unix: 8 character limitation, as MVS does as well.

>
>      In addition to those operating system names specified in
>      "Assigned Numbers" there are two special case identifiers:
>      "OCTET" and "OTHER".
>
>      "OCTET" indicates the identifier is an unformatted octet string
>      - all octets are permissible EXCEPT \000 (NUL), \012 (LF) and
>      \015 (CR).  N.B. - space characters (\040) following the colon
>      separator ARE part of the identifier string and may not be
>      ignored. A response containing an OCTET string is still
>      terminated normally by a CR/LF.  A character set MAY be
>      specified with OCTET, but can safely be ignored.
>
>      "OTHER" indicates the identifier is an unformatted character
>      string consisting of printable characters in the specified
>      character set.  "OTHER" must be specified if there is no
>      registered format for a user id for this operating system, if
>      the system wishes to return an identification which is not in
>      the format registered for this system (eg. an encrypted audit
>      token), or if there is a desire to hide the operating system
>      type.  The main difference between "OCTET" and "OTHER" is that
>      an "OTHER" identification string is expected to be printable in
>      the character set identified, or in the NVT-ASCII character set
>      if not explicitly identified.

What about PC systems that do not have an identifiable user?  OTHER
should mean encrypted or hidden.  NONE should mean that there is
no userid defined on this particular operating system:

USERID : MS/DOS : NONE

rather than

USERID : MS/DOS : OTHER

Hank Nussbacher
Israel
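
The USERID <additional-info> format quoted above, written out as a validating parser for the client side, which has to treat the returned identifier as untrusted input. This is an added example, not part of the original message or of the draft; stripping blanks around the colon for non-OCTET types, requiring a non-empty UNIX identifier, checking operating system names without a defined format the same way as OTHER, and refusing character sets other than NVT-ASCII are assumptions of the example.

```python
from typing import NamedTuple

class UserId(NamedTuple):
    opsys: str
    charset: str  # "NVT-ASCII" when the reply names no character set
    ident: bytes  # identifier octets as received

def parse_userid_info(info: bytes) -> UserId:
    """Parse the <additional-info> of a USERID reply (CR/LF already removed)."""
    head, colon, ident = info.partition(b":")
    if not colon:
        raise ValueError("no ':' between operating system and identifier")
    # "///" separates the optional character set, so "MS/DOS" stays whole.
    opsys_raw, _, charset_raw = head.partition(b"///")
    opsys = opsys_raw.strip(b" \t").decode("ascii")
    charset = charset_raw.strip(b" \t").decode("ascii") or "NVT-ASCII"
    if not opsys:
        raise ValueError("empty operating system name")
    # NUL, LF and CR are the octets the draft forbids even in OCTET strings.
    if any(bad in ident for bad in (b"\x00", b"\n", b"\r")):
        raise ValueError("NUL, LF or CR inside the identifier")
    if opsys == "OCTET":
        # Blanks after the colon are data; the character set can be ignored.
        return UserId(opsys, charset, ident)
    if charset != "NVT-ASCII":
        raise ValueError("example validates NVT-ASCII identifiers only")
    ident = ident.strip(b" \t")  # assumption: blanks around ':' are padding
    if opsys == "UNIX":
        # Up to 8 printable, non-blank characters (non-empty is an assumption).
        if not 1 <= len(ident) <= 8 or any(not 0x21 <= c <= 0x7E for c in ident):
            raise ValueError("not a well-formed UNIX identifier")
    elif any(not 0x20 <= c <= 0x7E for c in ident):
        # OTHER, and (assumption) any name whose format the draft leaves open.
        raise ValueError("identifier is not printable NVT-ASCII")
    return UserId(opsys, charset, ident)

if __name__ == "__main__":
    # Constructed sample replies; the last identifier is the draft's invalid one.
    for sample in (b"UNIX : stjohns", b"OCTET:  raw id", b"MS/DOS///NVT-ASCII: user",
                   b"UNIX:Michael StJohns, DOD, Analyst"):
        try:
            print(sample, "->", parse_userid_info(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```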