Adam Back wrote:
> Nodes in the received path can lie with RMX or UUCP, I think this is
> the point. Ergo RMX only provides authentication when there is one
> hop.

Exactly. The point-to-point authentication in UUCP provides NO more
level of authenticity than the peer IP address in a Received line - in
the one hop you (should be able to) trust - the one into your own machine.

Tracing back a UUCP message to the true origin is exactly the same thing
as tracing Received lines backwards. Before you can trust the next hop,
you have to _ask_ the sysadmin to check their logs. You can frequently
skip intermediate hops and go to the last one and ask their admin for a
corresponding record. But that's the same in UUCP and SMTP.

The only difference is that back in UUCP days, machines tended to be
multi-user, many orders of magnitude fewer of them, and many orders of
magnitude less email.

If we were using UUCP technology today (with the necessary scaling
modifications, such as much higher point-to-point levels, which is
impractical anyway), we'd have exactly the same problems we're having
with SMTP in establishing authenticity.

Authenticity has to be end-to-end (eg: signatures) before you can do
better than SMTP/UUCP can do on their own unless you plan on scaling
back the Internet by at least 5 orders of magnitude... I have fond
recollections of those days (UUCP and Usenet admin since 1982), but we
don't want to go back there, do we?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
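
The one-hop trust boundary discussed in the message above, as an added example that is not part of the original post: it walks a message's Received lines newest-first and marks a hop as observed only while the line was written by one of your own MTAs. The sample message, hostnames, addresses, the "from X (Y [ip]) by Z" header layout and the function names are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the thread). Received lines appear
# newest-first because each MTA prepends its own line on arrival.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mail.bank.example (mail.bank.example [198.51.100.7])
\tby relay.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from desktop (unknown [203.0.113.5])
\tby mail.bank.example with ESMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: someone@bank.example
Subject: constructed sample

body
"""

# Assumed layout: from <helo> (<rdns> [<peer ip>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def classify_hops(raw, my_mtas):
    """Return (peer_ip, by_host, status) per Received line, newest first.

    A line is 'observed' only if it and every line above it were written
    by a host in my_mtas. Everything from the first foreign line down is
    'claimed': the sending side could have written any of it.
    """
    msg = message_from_string(raw)
    hops, trusted = [], True
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            trusted = False  # an unparsable line also ends the trusted run
            hops.append((None, None, "unparsed"))
            continue
        _helo, peer_ip, by_host = m.groups()
        trusted = trusted and by_host.lower() in my_mtas
        hops.append((peer_ip, by_host, "observed" if trusted else "claimed"))
    return hops

def last_verifiable_peer(raw, my_mtas):
    """Peer IP of the furthest-back hop recorded by our own MTAs, or None."""
    seen = [ip for ip, _by, st in classify_hops(raw, my_mtas) if st == "observed"]
    return seen[-1] if seen else None

if __name__ == "__main__":
    for hop in classify_hops(RAW, {"mx.example.org"}):
        print(hop)
```

A line naming your MTA in its "by" clause but sitting below a foreign line stays claimed, since anything under the first line you did not write arrived as part of the message.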