Protocol Action: Identity Protocol and MIB to Proposed Standard

IESG Secretary <iesg-secretary@CNRI.Reston.VA.US> Mon, 07 December 1992 22:49 UTC

To: Jon Postel -- RFC Editor <postel@isi.edu>
To: IETF-Announce:;
Cc: Internet Architecture Board <iab@isi.edu>
Cc: The Internet Engineering Steering Group <IESG@IETF.CNRI.Reston.VA.US>
Cc: ident@CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: IESG Secretary <iesg-secretary@CNRI.Reston.VA.US>
Subject: Protocol Action: Identity Protocol and MIB to Proposed Standard
Date: Mon, 07 Dec 1992 17:48:11 -0500
Message-ID: <9212071748.aa23340@IETF.CNRI.Reston.VA.US>

   The IESG has approved the Ident protocol and the Ident MIB as
   Proposed Standards.  The protocols are documented in the Internet
   Drafts:

   "Identification Server" <draft-ietf-ident-idserver-03.txt>

   "Ident MIB"  <draft-ietf-ident-mib-03.txt>  

   These protocols are the product of the TCP Client Identity Protocol
   Working Group.  The IESG contact person is Steve Crocker.

Technical Summary

   The Identification Server Protocol (aka "Ident", aka "the Ident
   Protocol", aka "the Identification Protocol") provides a means to
   determine the identity of a user of a particular TCP connection.
   Given a TCP port number pair, it returns a character or octet string
   which identifies the owner of that connection on the server's
   system.

   This is a connection based application on TCP.  A server listens for
   TCP connections on TCP port 113 (decimal).  Once a connection is
   established, the server reads a line of data which specifies the
   connection of interest.  If it exists, the system dependent user
   identifier of the connection of interest is sent as the reply.  The
   server may then either shut the connection down or it may continue
   to read/respond to multiple queries.  The client may close the
   connection down at any time.

   This protocol was originally proposed as an authentication
   protocol.  It has since been thoroughly understood that the
   infrastructure is generally too weak for this protocol to serve as
   an authnetication protocol, but the information supplied by this
   protocol is useful for auditing.  It is not intended as an
   authorization or access control protocol.  At best, it provides
   some additional auditing information with respect to TCP
   connections.  At worst, it can provide misleading, incorrect, or
   maliciously incorrect information.

   An important aspect of this protocol is that it is backward
   compatible with RFC 931 and TAP.

   The Identification MIB is defined to identifying the users
   associated with TCP connections.  It provides functionality
   approximately equivalent to that provided by the Ident protocol.

Working Group Summary

   This working group worked hard for its consensus.  There were two
   other approaches suggested for this protocol: RFC 931 (the
   predecessor to this work) and TAP (contributed principally by Dan
   Bernstein).  Consensus was elusive and achieving it often required
   the firm hand of the Chair.

   RFC 931 was an experimental protocol.  However, the specification was
   imprecise in a few areas and a small, informal group formed to revise
   the document.  The group blossomed into a working group when it was
   suggested to make the revised document a standards track document.

   TAP was proposed when consensus on how to present the security ---
   or rather the lack thereof --- of the protocol could not be
   reached.  Ultimately the revision to RFC 931 became the consensus of
   the group.

Protocol Quaility

   The Ident documents have been prepared according to expected
   Internet practice and represent readable documents.  Although no
   implementations of Ident are known to exist, there were a couple of
   implementations of RFC 931 and TAP.

Greg Vaudreuil
IESG Secretary

Protocol Action: Identity Protocol and MIB to Pro… IESG Secretary
Re: Protocol Action: Identity Protocol and MIB to… Alan Stebbens