From: fc@all.net (Dr. Frederick B. Cohen)
To: adam@homeport.org (Adam Shostack)
Message Hash: 4af6ae3e11f8f24b5463edf6f2ebf6772c7b69f34b917b347dc579421aaa5f59
Message ID: <9510251406.AA10301@all.net>
Reply To: <199510251358.JAA24328@homeport.org>
UTC Datetime: 1995-10-25 14:09:01 UTC
Raw Date: Wed, 25 Oct 95 07:09:01 PDT
Subject: Re: Does your software?
> This is a failure in the (TCP wrappers?) that should be
> reconfigured.
That's a policy decision, not a technical one. The policy I have
decided to follow is that I don't support people with non-authenticable
IP addresses. I feel it is in the best interest of the Internet and of
the organizations using the Internet (like Netscape) that I prevent
people from claiming to be from Netscape with possibly forged IP
addresses. You should feel free to make your policy decisions as
you feel best, while I certainly exercise that freedom on my end.
> Since the service you are providing is available without any
> authentication, there is no reason to match hostnames to IPs with a
> double reverse lookup.
That's not right. My service requires authentication in the sense of
not allowing obviously forged IP addresses. The audit trails generated
by the process allow me to my services, send mail (when people use the
ident daemon) about improvements. For example, there was an
inaccessible file due to an error on my part - my automated error
detection system popped the error up on the screen within a few seconds,
I investigated, fixed the protection setting, and sent email to the
person letting them know that the file was now accessible and that it
was my fault. This is also used as part of the identification process
used to assure that information is not sent to locations where I am
aware it is illegal to send it. For example, Singapore has restrictions
that make it illegal to send them certain things, and I check for their
addresses as part of my access controls - made feasible via the IP
address verification process.
> Since your server is secure, what does it really matter where
> the connections are coming from? If netscape chooses to hide host
> information, they should be allowed to.
Because secure means more than "you can't harm me by using it". It
implies integrity, availability, confidentiality, and redundancy to
provide assurance that those things are the case. It implies not only
keeping my site from being attacked, but trying to obey the laws of
countries from all over the world, keeping my site from being used to
attack other sites, limiting legal liabilities, and on and on. If
someone chooses to use a non-verifiable network address, I choose to
not provide services.
> Cypherpunk relevance? It's wrong to demand authentication when
> you don't care. Airports, bars, 'anonymous' FTP servers and the like
> should all take the level of authentication they need.
It's wrong to make assumptions about what I care about when you haven't
asked me. I care about you and everyone else using the Internet. I
care enough to help prevent forgeries by not supporting them, and to
help people debug their (perhaps faulty) firewalls by identifying the
source of problems and helping them resolve them. I think that
authentication at some level is appropriate for anyone who uses
computers, even anonymously.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
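
The double reverse lookup argued over in this thread, as an added example (not code from either poster or from TCP wrappers): resolve the client address to a name, resolve that name back to addresses, and accept only if the original address is among them. The function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns candidate names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def double_reverse_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name); verdict is 'verified', 'no-ptr' or 'mismatch'."""
    client = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("verified", name.rstrip(".").lower())
            except ValueError:
                continue  # resolver handed back something that is not an address
    return ("mismatch", names[0].rstrip(".").lower())

# Constructed zone data: documentation address ranges and made-up names.
PTR = {"192.0.2.10": ["www.example.com"],
       "192.0.2.66": ["Proxy.Example.COM."]}   # PTR names a host it does not map to
A = {"www.example.com": ["192.0.2.10"],
     "Proxy.Example.COM.": ["198.51.100.7"]}

def demo():
    """Run the check over the constructed data without touching the network."""
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(name, [])
    return {ip: double_reverse_check(ip, rev, fwd)
            for ip in ("192.0.2.10", "192.0.2.66", "203.0.113.5")}
```

Calling `double_reverse_check(ip)` with no resolver arguments uses the system resolver; the three verdicts let a server log "no PTR at all" separately from "PTR and forward records disagree".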