Re: Clarification of when authentication is used

[Fred Baker <fbaker@acc.com>]

At  6:01 PM 8/2/94 -0400, Gary Scott Malkin wrote:
>> I dunno, I would agree with Jeff's assessment: it is information exchange
>> we are authenticating, we shouldn't break the management applications that
>> use RIP Requests to dump route tables. Having said which, seems like the
>> same logic applies to passwords.
>
>But that means there's no way to prevent outsiders from finding out what
>your routing table looks like.  Speaking for myself, I'd don't think that
>is a serious problem.  However, I remember, during the RREQ debates lo
>these many years ago, that some secure sites didn't even want to have to
>decrement the hop count for fear of giving away topology information.

:^)

        "you've left 'advice' and gone to 'meddlin'"

I could imagine some implementations do a lot of things. The thing is,
we've now mixed two very different applications with one mechanism. What
the authentication needs to prevent, IMHO, is bad routing. Maybe secure
implementations add a proprietary knob to disable responding to non-local
requests, or only to certain requestors, I don't know. But that sounds like
a proprietary issue.

=============================================================================
                        "In sound wisdom there are two sides"
                                        Zophar, Job 11:6