Re: ``WHY TAP?'': A White Paper

Theodore Ts'o <tytso@athena.mit.edu> Sat, 15 August 1992 02:41 UTC

Date: Fri, 14 Aug 1992 22:42:10 -0400
From: Theodore Ts'o <tytso@athena.mit.edu>
Message-Id: <9208150242.AA21699@tsx-11.MIT.EDU>
To: Anders Andersson <andersa@mizar.docs.uu.se>
Cc: brnstnd@kramden.acf.nyu.edu, ident@NRI.Reston.VA.US
In-Reply-To: Anders Andersson's message of Fri, 14 Aug 92 21:12:33 +0200, <9208141912.AA20516@Mizar.DoCS.UU.SE>
Subject: Re: ``WHY TAP?'': A White Paper
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091

   Date: Fri, 14 Aug 92 21:12:33 +0200
   From: Anders Andersson  <andersa@Mizar.DoCS.UU.SE>

   Ted writes:
   > [...]  Again, the rest of the community
   > does not benefit from a host running the ident protocol, because they
   > have no way of knowing whether or not the host is actually sending back
   > real usernames or not.

   But does it matter to the IDENT client whether the identification tokens
   are real usernames or not?  

No, but....

   However, I do agree that use of the IDENT protocol does not prevent (in
   the technical sense) SMTP mail forgeries, but rather helps tracing the
   forger.  

This is what my comment was referring to.  I believe the sendmail patch
checks to see if the from address matches the username returned from the
ident server, and either rejects or marks the mail as being forged if it
does not match.  This will clearly break if you are using encrypted
Ident username tokens.  

							- Ted
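
The check described in the message above, sketched as an added example: this is not the sendmail patch and not code from either participant. It assumes the ident reply layout later standardized in RFC 1413; check_sender, its three result labels and the sample replies are hypothetical, and treating the OTHER opsys label as "opaque token, do not compare" is one possible policy, not something the thread specifies.

```python
import re

# Reply layout as standardized in RFC 1413:
#   "<port>, <port> : USERID : <opsys> : <user-id>"  or  "... : ERROR : <type>"
REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_ident_reply(line):
    """Return (kind, opsys, value); opsys is None for ERROR replies."""
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("malformed ident reply")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        return kind, None, rest.strip()
    opsys, sep, userid = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply without a user-id field")
    opsys = opsys.split(",")[0].strip().upper()  # drop optional charset
    # Simplification: surrounding spaces are stripped before comparing.
    return kind, opsys, userid.strip()

def check_sender(from_addr, ident_line):
    """Hypothetical policy: 'match', 'mismatch' or 'unverifiable'."""
    local = from_addr.rsplit("@", 1)[0].lower()
    try:
        kind, opsys, value = parse_ident_reply(ident_line)
    except ValueError:
        return "unverifiable"
    if kind == "ERROR" or opsys == "OTHER":
        # OTHER marks the user-id as an opaque string, not a login name:
        # keep it in the log for tracing, but do not compare it.
        return "unverifiable"
    return "match" if value.lower() == local else "mismatch"

# Constructed sample replies (not captured traffic).
SAMPLES = [
    ("alice@example.edu", "6191, 25 : USERID : UNIX : alice"),
    ("alice@example.edu", "6191, 25 : USERID : UNIX : mallory"),
    # Opaque token sent under a UNIX label: honest sender flagged as forged.
    ("alice@example.edu", "6191, 25 : USERID : UNIX : f3a91c0b77"),
    ("alice@example.edu", "6191, 25 : USERID : OTHER : f3a91c0b77"),
    ("alice@example.edu", "6191, 25 : ERROR : HIDDEN-USER"),
]

if __name__ == "__main__":
    for sender, reply in SAMPLES:
        print(f"{check_sender(sender, reply):13} {sender}  <-  {reply}")
```

The third sample is the breakage: a legitimate sender whose host returns an encrypted token is reported as a mismatch, while the same token labelled OTHER is only recorded for tracing.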