Clarification of when authentication is used

Gary Scott Malkin <gmalkin@xylogics.com> Wed, 03 August 1994 14:29 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05311; 3 Aug 94 10:29 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa05307; 3 Aug 94 10:29 EDT
Received: from atlas.xylogics.com by CNRI.Reston.VA.US id aa07594; 3 Aug 94 10:28 EDT
Received: by atlas.xylogics.com id AA22189 (5.65c/UK-2.1-940401); Wed, 3 Aug 1994 10:29:20 -0400
Received: by atlas.xylogics.com id AA00450 (5.65c/UK-2.1-940401); Wed, 3 Aug 1994 10:29:06 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Gary Scott Malkin <gmalkin@xylogics.com>
Date: Wed, 3 Aug 1994 10:29:06 -0400
Message-Id: <450.199408031429@atlas.xylogics.com>
To: fbaker@acc.com
Cc: ietf-rip@xylogics.com
In-Reply-To: Fred Baker's message of Tue, 2 Aug 1994 16:45:43 -0800 <9408022345.AA03572@fennel.acc.com>
Subject: Clarification of when authentication is used

> I could imagine some implementations do a lot of things. The thing is,
> we've now mixed two very different applications with one mechanism. What
> the authentication needs to prevent, IMHO, is bad routing. Maybe secure
> implementations add a proprietary knob to disable responding to non-local
> requests, or only to certain requestors, I don't know. But that sounds like
> a proprietary issue.

That's a good point.  I guess that, for simple password, you must
authenticate the queries, lest you give away the password.  For MD5,
you don't, by default, authenticate queries.  I guess the MD5 proposal
should include a statement about an optional switch which may be used
to turn query authentication, when using MD5, on.

----------------------------------------------------------------------
Gary Malkin                                          Cheap, Fast, Good
(617) 272-8140                                       Pick two!