On Tuesday, May 06, 2003 12:45 PM, Vernon Schryver
[SMTP:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com] wrote:
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
] From: "Eric D. Williams" <eric(_at_)infobro(_dot_)com>
] > I think IDENT is in sendmail because it was supposed to be effective
] > against spam. It was not, and I think one major reason is that it
] > never reached the critical threshold.
]
] Side note: That is not the origin of IDENT protocol. IDENT had nothing to do
] with 'spam'. It is a completely different beast with a completely different
] and more esoteric origin.
That was originally true, except for the "esoteric" bit. However, if
the origins of IDENT were a relevant objection, then it would outlaw
RMX because DNS was not invented to deal with spam.
If it is originally true then it is true, is it not? Sure, throw away the
esoteric bit; fundamentally IDENT was not created to function as a subordinate
device for messaging systems. I only added that to correctly, in my opinion,
characterize the following:
The Identification Protocol (a.k.a., "ident", a.k.a., "the Ident
Protocol") provides a means to determine the identity of a user of a
particular TCP connection. Given a TCP port number pair, it returns
a character string which identifies the owner of that connection on
the server's system.
As you state, neither IDENT nor DNS were developed to deal with 'spam'. And that is the
point I am arguing for, that existing technologies may be used to develop
viable anti-spam proposals.
] > Besides, IDENT for mail seems very similar to RMX. How would
] > checking IDENT values for incoming mail differ from checking RMX bits,
] > other than in trivial matters like using port 53 instead of 113?
]
] Huh? IDENT is not used for that type of purpose and should not be used to
] authorize or authenticate any activity on Internet.
Please justify that claim. I think it is entirely wrong. IDENT was
invented precisely to add accountability for bad actors; never mind
that I and many others argued from the start that it was a waste of
effort and bandwidth. That spam was not one of the original bad acts
is also irrelevant.
The claim is one of application of best security practices and as stated by the
security considerations in the IDENT RFC 1413, as I believe you know.
Additionally, IDENT logging MAY be used as 'auditing' information for TCP
connections, it should not be relied upon to make decisions such as those
associated with policy boundaries (authorization, access control). That is my
read on the RFC 1413.
Consider http://www.sendmail.org/~ca/email/doc/op-sh-2.html#sh-2.9
which starts:
} Sendmail supports the IDENT protocol as defined in RFC 1413. Although
} this enhances identification of the author of an email message ...
That the rest of that text suggests that some of the people
responsible for sendmail think as little of that as I think of RMX
seems like yet another irrelevancy.
The rest of the text refers back to the RFC 1413, what is the point you are
trying to make? I think the RFC spells out clearly the security considerations
involved with IDENT.
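
An added example, not part of the original message and not sendmail's code: a parser for the RFC 1413 reply line that keeps the returned string as an escaped, audit-only claim, which is the use of IDENT argued for above. The function names, the record fields and the 1000-octet reply cap are assumptions made for this example.

```python
import re

# RFC 1413 reply, one line:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR : <error-type>
_REPLY = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")
_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}

def _printable(raw: bytes) -> str:
    """Escape anything that could forge or corrupt a log line."""
    text = raw.decode("ascii", "backslashreplace")
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)

def parse_ident_reply(line: bytes, server_port: int, client_port: int) -> dict:
    """Turn one ident reply into an audit record (hypothetical helper).

    The record carries what the remote host claims; nothing in it is an
    authorization or access-control result.
    """
    record = {"ports": (server_port, client_port), "status": "malformed",
              "opsys": None, "claimed_user": None}
    body = line.rstrip(b"\r\n")
    # Embedded CR/LF/NUL or an oversized reply (example cap) is rejected.
    if len(body) > 1000 or any(b in body for b in (b"\r", b"\n", b"\0")):
        return record
    m = _REPLY.match(body)
    if not m:
        return record
    # The reply must echo the port pair we asked about.
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        record["status"] = "port-mismatch"
        return record
    rest = m.group(4)
    if m.group(3) == b"ERROR":
        err = rest.strip().decode("ascii", "replace")
        record["status"] = "error:" + (err if err in _ERRORS else "UNKNOWN-ERROR")
        return record
    opsys, sep, user = rest.partition(b":")
    # RFC 1413 counts whitespace after the colon as part of the user-id;
    # this example drops it for log readability.
    user = user.strip()
    if not sep or not user or len(user) > 512:
        return record
    record.update(status="userid", claimed_user=_printable(user),
                  opsys=_printable(opsys.split(b",")[0].strip()))
    return record
```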