Re: [Asrg] seeking comments on new RMX article

2003-05-06 09:19:37
On Tue, May 06, 2003 at 07:59:58AM -0700, Dave Crocker wrote:

> ps.  It strikes me that the RMX proposal is conceptually similar to the
> old IDENT specification which purported to offer wonderful security but
> was soundly rejected by the security community.

No, you completely missed the point and you still don't understand
how RMX works.

IDENT was useless, because the peer machine itself gives any random
answer. IDENT was useful as long as there were a few big UNIX and VMS
machines where hundreds of users logged in but didn't have root
access.

Today we are in the personal computer and Windows age, where everyone
is his own admin and can reply with anything he wants. Since the IDENT
query is directed to exactly where the TCP connection came from, you
are asking the attacker "what's your name". Obviously, if the attacker
uses a wrong sender address for SMTP, he won't give a better answer
for IDENT. That's why IDENT became useless.

In contrast, RMX doesn't ask the sending MTA, which could be the
attacker, but a third party, which can be relied on since the query
path doesn't depend on the incoming SMTP connection.

Again, please inform yourself before posting.

Wouldn't it be a good idea to take a few minutes and read the 
RMX draft before going on with flaming?


Hadmut

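The trust difference argued above (a verdict that rests on the peer's own answer versus one that rests on a lookup the peer cannot influence), shown as an added example that is not part of the post or of the RMX draft; the authorization table, the record contents and all function names are constructed stand-ins, not the draft's record format.

```python
# Added illustration of the two trust models discussed in the thread.
# Everything here is constructed: a real RMX-style receiver would query
# DNS for the sender domain's policy instead of reading a local table.
from ipaddress import ip_address, ip_network

# Stand-in for a third-party (DNS-published) policy: the networks each
# domain's owner authorizes to send mail on its behalf.
AUTHORIZED_SENDERS = {
    "example.com": ["192.0.2.0/24"],
    "example.net": ["198.51.100.10/32"],
}


def ident_style_check(claimed_sender: str, peer_answer: str) -> bool:
    """IDENT model: the verdict depends on what the connecting host says
    about itself, so a host that forges MAIL FROM simply answers to match."""
    return claimed_sender.lower() == peer_answer.lower()


def rmx_style_check(mail_from: str, connecting_ip: str) -> bool:
    """RMX model: consult the sender domain's published policy, obtained
    over a path the peer does not control; the peer's claims carry no weight."""
    if "@" not in mail_from:
        return False                      # malformed envelope sender
    domain = mail_from.rsplit("@", 1)[1].lower()
    nets = AUTHORIZED_SENDERS.get(domain)
    if nets is None:
        return False                      # no policy published: unverified (assumption)
    try:
        ip = ip_address(connecting_ip)
    except ValueError:
        return False                      # unparseable peer address
    return any(ip in ip_network(n) for n in nets)


def forged_message_outcomes() -> dict:
    """Constructed scenario: a host at 203.0.113.7 forges user@example.com and,
    when asked IDENT-style, answers with the forged name. A legitimate relay at
    192.0.2.25 is included for contrast."""
    return {
        "ident_forged": ident_style_check("user@example.com", "user@example.com"),
        "rmx_forged": rmx_style_check("user@example.com", "203.0.113.7"),
        "rmx_legit": rmx_style_check("user@example.com", "192.0.2.25"),
        "rmx_no_policy": rmx_style_check("user@example.org", "192.0.2.25"),
    }
```

The IDENT-style check accepts the forgery because the only evidence is the peer's word; the RMX-style check rejects it because the peer's address is not in the policy the domain owner published.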
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg