Re: Clarification of when authentication is used

Jeffrey C Honig <> Thu, 04 August 1994 00:50 UTC

In-Reply-To: Message from Gary Scott Malkin <> on Wed, 03 Aug 1994 10:29:06 -0400.<>
Organization: Information Technologies/Network Resources; Cornell University, Ithaca, NY
Date: Wed, 03 Aug 1994 20:47:42 -0400

> That's a good point.  I guess that, for simple password, you must
> authenticate the queries, lest you give away the password.  For MD5,
> you don't, by default, authenticate queries.  I guess the MD5 proposal
> should include a statement about an optional switch which may be used
> to turn query authentication, when using MD5, on.

An alternative would be to specify a separate authentication type and
key for queries.  If query packets use the same authentication as
updates, the update secret (or encrypted packets as input to a
cracking algorithm) can traverse more networks since queries can be
remote.  And the update secret needs to be known in more places.
Using a separate secret would only allow an off-net cracker to learn
routing information, not forge it.

The sequence number should be ignored on MD5 authenticated user queries.
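
An added example, not part of the original message or of any MD5 proposal text: a simplified Python model of a receiver that keeps one secret for updates and another for queries, and skips the sequence-number check on authenticated queries. The packet layout, key values, sender names and function names are assumptions made for illustration, not a wire format.

```python
import hashlib
import hmac

# Constructed secrets: one per packet class, as the message suggests.
KEYS = {"update": b"update-secret-constructed",
        "query": b"query-secret-constructed"}

def digest(kind, seq, body, key):
    """Keyed MD5 over the packet fields with the secret appended (assumed layout)."""
    msg = kind.encode() + b"|" + seq.to_bytes(4, "big") + b"|" + body
    return hashlib.md5(msg + key).digest()

def make_packet(kind, seq, body, key):
    return {"kind": kind, "seq": seq, "body": body,
            "mac": digest(kind, seq, body, key)}

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest update sequence number accepted per sender

    def accept(self, sender, pkt):
        key = self.keys.get(pkt["kind"])
        if key is None:
            return False
        expected = digest(pkt["kind"], pkt["seq"], pkt["body"], key)
        if not hmac.compare_digest(expected, pkt["mac"]):
            return False  # signed with the wrong secret, or altered in transit
        if pkt["kind"] == "query":
            return True   # sequence number is ignored on authenticated queries
        if pkt["seq"] <= self.last_seq.get(sender, -1):
            return False  # stale or replayed update
        self.last_seq[sender] = pkt["seq"]
        return True

def demo():
    rx = Receiver(KEYS)
    upd = make_packet("update", 5, b"10.0.0.0/8 metric 1", KEYS["update"])
    qry = make_packet("query", 0, b"whole table", KEYS["query"])
    # An update signed with the query secret: what a holder of only that key can produce.
    bad = make_packet("update", 9, b"0.0.0.0/0 metric 1", KEYS["query"])
    return {"update_ok": rx.accept("r1", upd),
            "update_replay": rx.accept("r1", upd),
            "query_first": rx.accept("mgmt", qry),
            "query_repeat": rx.accept("mgmt", qry),
            "update_with_query_key": rx.accept("r1", bad)}

if __name__ == "__main__":
    print(demo())
```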