Re: [Exim] ident - 2B|!2B

Author: Alan J. Flavell
Date:  
To: Tamas TEVESZ
CC: Exim (E-mail)
Subject: Re: [Exim] ident - 2B|!2B
On Sat, 8 Sep 2001, Tamas TEVESZ wrote:

> it's totally useless. it had its good reason to exist back in those
> days when machines were trusted, no joe out-of-the-blue average could
> put a machine on the net, but these days i don't see any reason for it
> to be run.


This is OT: but there _is_ a logical justification for an admin to run
the crypted identd on their system. If one of their users is
suspected of net abuse, the (alleged) victim can get a crypted token
which means nothing directly to _them_, but when presented to the
admin of the original system then decrypting it serves two valuable
purposes:

1. identifies the user account involved and pinpoints the occurrence,

2. proves that the accuser genuinely obtained this token and is
not just inventing accusations against the alleged net abuser.

(OK, that doesn't in itself prove that the occurrence was net abuse,
but at least it weeds out vague and trivial accusations from remote
sites).

Even when a remote site responds with plain text ident, on quite a
number of occasions we have been able to identify a compromised user
account to the remote admin, and from their reply it's been clear that
they have been only too glad to get a heads-up about their system
being misused by crackers as a base of operations for attacking other
sites.

So there's certainly some force in your argument, but I wouldn't call
the feature entirely worthless; but I'm surprised that the crypted
identd isn't more widely deployed instead of the plain-text one.

Sorry for the off-topic tangent, I'll shut up now.
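
The two properties described in the message above (the token means nothing to the site that receives it, while the issuing admin can decode it and confirm it is genuine), as an added sketch that is not part of the original post and is not the token format of any real identd. The record layout, the function names and the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for a real cipher) are assumptions; the sample addresses and secret are constructed.

```python
import hashlib, hmac, os, socket, struct

RECORD = ">IQ4sH4sH"   # uid, unix time, local IP/port, remote IP/port (assumed layout)
NONCE_LEN, TAG_LEN = 12, 16

def _subkey(secret, label):
    # Separate keys for encryption and authentication, derived from one admin secret.
    return hmac.new(secret, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a real cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_token(secret, uid, when, laddr, lport, raddr, rport):
    """identd side: what the remote site receives instead of a username."""
    nonce = os.urandom(NONCE_LEN)
    record = struct.pack(RECORD, uid, when, socket.inet_aton(laddr), lport,
                         socket.inet_aton(raddr), rport)
    ct = _xor_stream(_subkey(secret, b"enc"), nonce, record)
    tag = hmac.new(_subkey(secret, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return (nonce + ct + tag).hex()

def open_token(secret, token):
    """Admin side: decoded record, or None if the token was not issued under this secret."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) != NONCE_LEN + struct.calcsize(RECORD) + TAG_LEN:
        return None
    nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    want = hmac.new(_subkey(secret, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, want):   # invented or altered token: reject
        return None
    plain = _xor_stream(_subkey(secret, b"enc"), nonce, ct)
    uid, when, la, lp, ra, rp = struct.unpack(RECORD, plain)
    return {"uid": uid, "time": when, "local": (socket.inet_ntoa(la), lp),
            "remote": (socket.inet_ntoa(ra), rp)}

if __name__ == "__main__":
    secret = b"constructed-demo-secret"            # constructed sample values throughout
    tok = issue_token(secret, 1042, 999950400, "192.0.2.10", 40123, "198.51.100.7", 25)
    print(tok)                                     # opaque hex, as seen by the remote site
    print(open_token(secret, tok))                 # the record, as seen by the issuing admin
    print(open_token(secret, "00" * 52))           # a made-up token does not verify
```

The authentication tag is what gives the second property: a complainant cannot produce a token that verifies without having received it from the identd in question.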