Date: Wed, 10 Feb 93 19:23:21 -0800
From: Rahul Dhesi <dhesi @
Having an identity server's output available allows us to hold a
specific userid, or the machine owner, accountable for the TCP/IP
Ahem. "The machine owner" is all that we EVER knew. The userid given
is, simply put, not trustworthy unless the machine owner is, and Ident
gives us NO assurance of the latter.
The original BSD triple says: someone on this machine owned this
connection. The Ident server says: somebody on this machine owned this
connection. Why? Because you can't assume, a priori, that root on
another machine is trustworthy, and that ANYTHING Ident says is useful.
As someone else on this list said: Ident may be useful for internal
security measures (you trust yourself, but don't trust your users), but
is utterly pointless for external security (machines you don't control
and therefore can't trust.)