Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!ENG.SUN.COM!cpj
From: cpj@ENG.SUN.COM (Chuck Jerian)
Newsgroups: comp.protocols.tcp-ip
Subject: in re yp is insecure because it uses broadcast binding.
Message-ID: <8907050408.AA20722@sparky.Eng.Sun.COM>
Date: 5 Jul 89 04:08:36 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 18

The use of broadcast binding in yp makes it no more or less secure than
ip in general.  Ip uses the arp protocol over ethernet, and similar
protocols on broadcast/multicast capable media to locate the machine with
a given ip address.  In this regard the holder of any ip address is
as suspect as a putative yp server.  To authenticate any server of a given
service to a client, encryption is required.  The server must possess
some secret key.  Either a mutual authentication algorithm can be used,
such as Diffie Hellman, where the client also requires a secret key,
and a session can be created by using a conversation key based on the
combination of the Pa Sb == Sa Pb, or a certificate can be used from
RSA which only requires a public key for the server, or some private
key scheme can be used with a Needham Schroder authentication server,
(e.g. Kerberos).

Whatever scheme is used, the client can know that he is talking to 
the server who possess the appropriate secret key.

Scheme based on unecrypted addresses provide only the illusion of security.