Path: utzoo!attcan!uunet!mcsun!hp4nl!nikhefk!werner
From: werner@nikhefk.UUCP (Werner Vogels)
Newsgroups: comp.protocols.tcp-ip.ibmpc
Subject: Re: The PC as a trusted client in a TCP/IP network
Summary: trusted workstations, kerberos
Message-ID: <599@nikhefk.UUCP>
Date: 21 Nov 89 20:23:16 GMT
References: <907@cgch.UUCP> <8911202309.AA06824@asylum.sf.ca.us>
Reply-To: werner@nikhefk.UUCP (Werner Vogels)
Organization: Nikhef-K, Amsterdam (the Netherlands).
Lines: 27

In article <8911202309.AA06824@asylum.sf.ca.us> romkey@asylum.sf.ca.us writes:
>This isn't the answer you're looking for, but I think it's just a bad
>idea to trust a PC in a networked environment.
>			- john romkey
>.......

I think you should treat PC's in the same way you treat other workstations :

	             NEVER TRUST THEM !!!!!!
		     
they are a main security problem. On machine's were a user can control all the 
memory and the devices, one can never be sure about the identity of the user,
the processes and the machine itself.

A solution to these authentication and authorization problems is provided
by Project Athena's (M.I.T) kerberos.  We are currently trying to port the
programming and data encryption libaries to the PC envirionment, so it might
be possible in the near future to have PC's use services on other machines. 

When we have succeeded we will notified the netcommunity about the diff's.

Werner H.P. Vogels

Software Expertise Centrum                      
Haagse Hogeschool, Intersector Informatica      tel: +31 70 618419
Louis Couperusplein 2-19, 2514 HP Den Haag      E-mail: werner@nikhefk.nikhef.nl
The Netherlands                                      or werner@hhinsi.uucp