Re: Static IP addresses for Dial-up

Paul Ferguson <> Mon, 29 January 1996 19:32 UTC

Received: from by IETF.CNRI.Reston.VA.US id ab02881; 29 Jan 96 14:32 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa02877; 29 Jan 96 14:32 EST
Received: from by CNRI.Reston.VA.US id aa13735; 29 Jan 96 14:32 EST
Received: from ([]) by (8.6.10/8.6.10) with SMTP id FAA16520 for <>; Tue, 30 Jan 1996 05:08:30 +1100
Received: from pferguso-pc ( []) by (8.6.10/CISCO.SERVER.1.1) with SMTP id KAA23500; Mon, 29 Jan 1996 10:06:10 -0800
Message-Id: <>
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 29 Jan 1996 13:06:56 -0500
To: Piet Beertema <>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Paul Ferguson <>
Subject: Re: Static IP addresses for Dial-up
Cc: Brian Carpenter CERN-CN <>,,,,, Robert Elz <>

At 05:18 PM 1/29/96 +0100, Piet Beertema wrote:

>    I can certainly understand the need for access control & security,
>    but with the use of a smart-card one-time password system, this is
>    a moot point. 

>Huh? How are you going to stop a system from "illegally"
>(in the sense of the provider, contracts, or whatever)
>acting as -say- www, ftp, or whatever server with such
>a one-time password system? You'll need access control
>*based on IP addresses* to reach that goal!

No, no, no. The concept of access-filtering based on source address is
easily spoofed, where the OTP password systems that I'm referring to 
are based on a concept of authentication-based access, which is much more 
reliable than a [possibly fake] source address.

This is not a new concept.

- paul