an example of ident incompatibility

"Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu> Sun, 06 September 1992 09:25 UTC

Message-Id: <9209060834.AA03001@KRAMDEN.ACF.NYU.EDU>
To: ietf@NRI.Reston.VA.US, iesg@NRI.Reston.VA.US, rfc931-users@kramden.acf.nyu.edu, ident@NRI.Reston.VA.US
Subject: an example of ident incompatibility
Date: Sun, 06 Sep 1992 04:34:05 +0100
From: "Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu>

In a recent message to the rfc931-users list, Mike StJohns claimed that
there are no incompatibilities between IDENT and TAP. IDENT is the
protocol he defined and recently submitted to the IESG; it is specified
to run on TCP port 113. TAP is the protocol used since early 1990 on TCP
port 113 on the Internet; it is defined by more than six independent
server implementations and two independent client implementations
running on hundreds of hosts. Both protocols are derived from the
protocol defined in RFC 931.

Here is a simple example proving that Mike StJohns's claim is incorrect.
An IDENT server is allowed to send lowercase tokens, like ``userid''.
But the client software used today checks for ``USERID'' and will treat
``userid'' as an error. This is a serious incompatibility: it will cause
valid data to be lost. One cannot expect IDENT to be useful if its first
implementors run into problems like this.

This example also illustrates technical incompetence. An IDENT client
must translate from ASCII lowercase to ASCII uppercase before testing
the server's response against an expected string. This extra complexity
serves no purpose: an IDENT server sees no convenience in sending
lowercase tokens.

This example also illustrates the lack of consensus on the StJohns
document. Despite appearances, the StJohns document is the work of a
very small number of people, and has received tremendous opposition on
the ident mailing list. This particular example accounted for five of
the 73 problems which I summarized in a message to the ident list at the
end of June. StJohns ignored my message and did not fix his document.
Later he admitted that he had a policy of ignoring my objections. Icarus
Sparry, Anders Andersson, and Christopher Davis criticized this policy
and asked StJohns to consider the 73 problems, but StJohns failed to do
so. Nobody defended StJohns---he simply ignored the objections. And thus
an IDENT server is still allowed to send ``UsEriD''. Utterly trivial to
fix, but not fixed.

This is by no means the only example. It is simply the most obvious. In
a forthcoming message under the title ``objection to ident submission''
I give full details of many technical problems with IDENT, further
incompatibilities with current use of TCP port 113, and historical
summaries demonstrating the lack of consensus on the StJohns document.
But that message is nearly 1000 lines long and, I admit, not a pleasure
to read. So I'm giving this example here.

Notes:

1. I believe draft-ietf-ident-idserver-02.txt from any internet-drafts
   directory is Mike StJohns's latest Ident spec.
2. See the authuser library for an example of current client use of
   port 113; most client TAP applications have been built around
   authuser. Another client implementation appears in Wietse Venema's
   log_tcp package.
3. As usual Mike made his claim about compatibility with the greatest
   of tact: ``Once again Dan his mistated [sic] facts... *sigh*''
4. Current use of TCP port 113 is heavy: the latest statistics from
   Merit show nearly half a million packets for the port across the T1
   backbone in June 1992 alone. Only thirty ports named in the Merit
   report had higher packet counts.
5. See ftp.lysator.liu.se:pub/tap/doc/TAP.RFC for a draft TAP
   specification.

---Dan
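
The token-case mismatch described in the message, as an added example that is not part of the original message and is not taken from authuser or log_tcp: one reply parser run in exact-match mode and in ASCII case-folding mode. The reply layout is assumed from the RFC 931 family, the sample replies are constructed, and the function names are hypothetical.

```python
# Added illustration, not code from the message or from authuser.
# Assumed reply layout (RFC 931 family):
#   <server-port> , <client-port> : <token> : <opsys> : <user>

# Constructed sample replies; "alice" and the port numbers are made up.
SAMPLE_REPLIES = [
    b"6193, 23 : USERID : UNIX : alice\r\n",
    b"6193, 23 : userid : UNIX : alice\r\n",
    b"6193, 23 : UsEriD : UNIX : alice\r\n",
    b"6193, 23 : ERROR : NO-USER\r\n",
]


def parse_reply(line, fold_case):
    """Return (server_port, client_port, user), or None if the client
    does not accept the line as a user-id reply."""
    head, sep, rest = line.rstrip(b"\r\n").partition(b":")
    ports = head.split(b",")
    fields = [f.strip() for f in rest.split(b":", 2)]  # user may contain ':'
    if not sep or len(ports) != 2 or len(fields) != 3:
        return None
    # bytes.upper() folds ASCII a-z only, so non-ASCII look-alikes never match.
    token = fields[0].upper() if fold_case else fields[0]
    if token != b"USERID":
        return None
    try:
        server_port, client_port = (int(p.decode("ascii")) for p in ports)
    except ValueError:  # also covers UnicodeDecodeError
        return None
    if not (0 < server_port < 65536 and 0 < client_port < 65536):
        return None
    return server_port, client_port, fields[2].decode("ascii", "replace")


def lost_by_strict_client(replies):
    """Replies a case-folding client accepts but an exact-match client drops."""
    return [r for r in replies
            if parse_reply(r, True) and not parse_reply(r, False)]


if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(reply.strip(), parse_reply(reply, False), parse_reply(reply, True))
```
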