I previously asked the list's view concerning keeping user account names from
bing distributed freely (e.g. as part of mail address). I have received
several answers, most of them including the view that one should NOT
distribute any information about network structure, job specification or
other such stuff which might be generated from the GECOS field or implicitly
from the host name. I thank all who replied, and I naturally agree with
What some of you guessed, is that my question has more to do with policy than
with practical problems (well, the policy is becoming the problem :(...).
Please allow me to state my question in another way (again, sorry if this
borders on not being quite firewallish enough!?).
Assume my company (msp.se) is a large company. We are concerned about not
distributing unnecessary info, and thus have generic type mail addresses of
form: user @
Central mail hubs (parts of firewalls) enforce this and
even cleans up the comment field a bit, resulting in From addresses of
se (Firstname Lastname)
In order for this to work, all employees must have unique mail names. Assume
this is done by having a centrally administrated database of all such names,
and that each employee has a unique ID used as the mail name.
Also, on some systems, this ID is used also as the user account name (there
are several advantages to using a common ID for different purposes, such as
traceability of resource usage, convenient for users, real simple sendmail.cf
rewriting rules :), etc).
Assume now that some people feel uncomfortable with the fact that the ID is
both the mail name and user name in some systems, and that they want to
separate these two entities. They feel that they gain a security advantage
from doing this.
I am opposed to this notion. I feel that there is no REAL security gained by
doing this, and that it on the contrary can have negative impact on security
(lack of traceability, duplicate names, false sense of security).
I agree to the basic idea that we should not distribute any information which
could make it easier for the bad guys, but I also think that REAL security
cannot depend on obscurity in this case. If the mail name is the same as the
user account name, we need to make it very hard to mount an attack based on
that information (e.g. by disallowing any login attempts, always using strong
Am I missing something?
/// Martin F