an example of ident incompatibility
"Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu> Sun, 06 September 1992 09:27 UTC
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa04461; 6 Sep 92 5:27 EDT
Received: from ietf.NRI.Reston.Va.US by NRI.Reston.VA.US id aa20382; 6 Sep 92 5:29 EDT
Received: from ietf.nri.reston.va.us by IETF.NRI.Reston.VA.US id aa04454; 6 Sep 92 5:27 EDT
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa04416; 6 Sep 92 5:23 EDT
Received: from KRAMDEN.ACF.NYU.EDU by NRI.Reston.VA.US id aa20354; 6 Sep 92 5:26 EDT
Received: from LOCALHOST by KRAMDEN.ACF.NYU.EDU (5.61/1.34) id AA03001; Sun, 6 Sep 92 08:34:14 GMT
Message-Id: <9209060834.AA03001@KRAMDEN.ACF.NYU.EDU>
To: ietf@NRI.Reston.VA.US, iesg@NRI.Reston.VA.US, rfc931-users@kramden.acf.nyu.edu, ident@NRI.Reston.VA.US
Subject: an example of ident incompatibility
Date: Sun, 06 Sep 1992 04:34:05 +0100
From: "Daniel J. Bernstein" <brnstnd@kramden.acf.nyu.edu>
In a recent message to the rfc931-users list, Mike StJohns claimed that there are no incompatibilities between IDENT and TAP. IDENT is the protocol he defined and recently submitted to the IESG; it is specified to run on TCP port 113. TAP is the protocol used since early 1990 on TCP port 113 on the Internet; it is defined by more than six independent server implementations and two independent client implementations running on hundreds of hosts. Both protocols are derived from the protocol defined in RFC 931. Here is a simple example proving that Mike StJohns's claim is incorrect. An IDENT server is allowed to send lowercase tokens, like ``userid''. But the client software used today checks for ``USERID'' and will treat ``userid'' as an error. This is a serious incompatibility: it will cause valid data to be lost. One cannot expect IDENT to be useful if its first implementors run into problems like this. This example also illustrates technical incompetence. An IDENT client must translate from ASCII lowercase to ASCII uppercase before testing the server's response against an expected string. This extra complexity serves no purpose: an IDENT server sees no convenience in sending lowercase tokens. This example also illustrates the lack of consensus on the StJohns document. Despite appearances, the StJohns document is the work of a very small number of people, and has received tremendous opposition on the ident mailing list. This particular example accounted for five of the 73 problems which I summarized in a message to the ident list at the end of June. StJohns ignored my message and did not fix his document. Later he admitted that he had a policy of ignoring my objections. Icarus Sparry, Anders Andersson, and Christopher Davis criticized this policy and asked StJohns to consider the 73 problems, but StJohns failed to do so. Nobody defended StJohns---he simply ignored the objections. And thus an IDENT server is still allowed to send ``UsEriD''. Utterly trivial to fix, but not fixed. This is by no means the only example. It is simply the most obvious. In a forthcoming message under the title ``objection to ident submission'' I give full details of many technical problems with IDENT, further incompatibilities with current use of TCP port 113, and historical summaries demonstrating the lack of consensus on the StJohns document. But that message is nearly 1000 lines long and, I admit, not a pleasure to read. So I'm giving this example here. Notes: 1. I believe draft-ietf-ident-idserver-02.txt from any internet-drafts directory is Mike StJohns's latest Ident spec. 2. See the authuser library for an example of current client use of port 113; most client TAP applications have been built around authuser. Another client implementation appears in Wietse Venema's log_tcp package. 3. As usual Mike made his claim about compatibility with the greatest of tact: ``Once again Dan his mistated [sic] facts... *sigh*'' 4. Current use of TCP port 113 is heavy: the latest statistics from Merit show nearly half a million packets for the port across the T1 backbone in June 1992 alone. Only thirty ports named in the Merit report had higher packet counts. 5. See ftp.lysator.liu.se:pub/tap/doc/TAP.RFC for a draft TAP specification. ---Dan
- Enough is enough Mark Crispin
- Re: an example of ident incompatibility Noel Chiappa
- an example of ident incompatibility Brian Lloyd
- an example of ident incompatibility Daniel J. Bernstein
- Re: an example of ident incompatibility Noel Chiappa