Re: Static IP addresses for Dial-up

marthag@mit.edu Tue, 30 January 1996 19:35 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa17711; 30 Jan 96 14:35 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa17706; 30 Jan 96 14:35 EST
Received: from nico.aarnet.edu.au by CNRI.Reston.VA.US id aa13787; 30 Jan 96 14:35 EST
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by nico.aarnet.edu.au (8.6.10/8.6.10) with SMTP id FAA13896 for <cidrd@iepg.org>; Wed, 31 Jan 1996 05:32:55 +1100
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: marthag@mit.edu
Received: from MAZE.MIT.EDU by MIT.EDU with SMTP id AB27501; Tue, 30 Jan 96 13:32:00 EST
Received: by maze.MIT.EDU (5.57/4.7) id AA16696; Tue, 30 Jan 96 13:32:02 -0500
Date: Tue, 30 Jan 96 13:32:02 -0500
Message-Id: <9601301832.AA16696@maze.MIT.EDU>
To: Paul Ferguson <pferguso@cisco.com>
Cc: Robert Elz <kre@munnari.oz.au>, Brian Carpenter CERN-CN <brian@dxcoms.cern.ch>, peter@unipalm.pipex.com, nanog@merit.edu, cidrd@iepg.org, iab@isi.edu
In-Reply-To: "[2323] in Classless InterDomain Routing"
Subject: Re: Static IP addresses for Dial-up

> At 09:36 PM 1/29/96 +1100, Robert Elz wrote:
> 
> >
> >That sounds like a perfect place for a dynamic address, however,
> >if he had that, it would make life harder for me.   With his
> >static address I can instal filters to give him more access to
> >my system at home (which is basically permanently connected, and
> >not a PC) than I allow all the rest of you.   (For Tony's
> >benefit - no, this is not relying on source address filtering,
> >I actually filter the packets that my system sends out, I will
> >let it send packets to him that I won't let it send elsewhere,
> >which has basically the same effect).
> >
> 
> I can certainly understand the need for access control & security, but
> with the use of a smart-card one-time password system, this is a moot
> point. 
> 
> - paul

You are ignoring the risks of the session being stolen after the
password is given.  Outbound filters will help this, strong end-to-end
encryption will prevent it.  

Martha Greenberg
marthag@mit.edu