Subject: Re: identd...
To: Andrew Brown <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 12/13/2000 13:56:38
On Tue, Dec 12, 2000 at 05:17:38PM -0500, Andrew Brown wrote:
> >Maybe strong crypto (depending on how you define it) is not necessary to
> >do this from a strict technical point of view, but in the real world
> >using an encrypted reply makes a great deal more sense all around.
> it makes only slightly more sense than saying "six" each time your
> ident server is queried.
I don't know about 'great deal' - but I do see value in it being an
optional way to run your identd.
> it only suffices to say that there is a nice (not "good") way to use
> encryption to do ident service. his four points can be addressed as
[Good summary of how both methods solve the listed problems - omitted]
> >algorithm, but it didn't, so now I've re-integrated the support again,
> >but this time with at least 64-bit DES (if not even something better).
> there's still no use for it.
I think it comes down to this - who should have the responsibility for
maintaining the information?
If MY identd hands you a token which is all the information I will need
back from you if you file a complaint, then I'm no longer responsible
for maintaining my logs such that I can keep or throw them away without
regard to this particular use of them.
if MY identd hands you a timestamp, I'm now required to keep those logs
for a(n unknown) period of time.
> it's only use now is to give an opaque token to the remote admin that
> they can later hand back to you if they need some sort of information.
> if your logs have expired, then you can say "sorry...you took too long
> to ask me about that." it will be their loss, and they will be no
> worse off than if you hadn't been running one in the first place.
> i have yet to see a court case that *established* a statute of
> limitations that implied a time period over which a system admin is
> expected to archive his logs, so i don't expect the "law" can
> reasonably find themselves put off by your inability to provide logs.
> i keep mine only as long as they are interesting to me. i have a
> friend who reads (and deletes) his logs regularly.
The encrypted reply option would seem to solve the problem more completely.
(Except for regions with prohibition.)
David Maxwell, email@example.comfirstname.lastname@example.org -->
(About an Amiga rendering landscapes) It's not thinking, it's being artistic!
- Jamie Woods