Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!decwrl!ucbvax!GYRE.UMD.EDU!chris
From: chris@GYRE.UMD.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re:  port collisions
Message-ID: <8605162105.AA01298@gyre.umd.edu>
Date: Fri, 16-May-86 17:05:32 EDT
Article-I.D.: gyre.8605162105.AA01298
Posted: Fri May 16 17:05:32 1986
Date-Received: Mon, 19-May-86 20:19:04 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 22
Approved: tcp-ip@sri-nic.arpa

Just to avert any confusion before it turns into a flame war:

	From: dab@mit-borax.arpa (David A. Bridgham)

	As far as I've found, this belief that some ports are secure
	while others aren't is only implemented by Berkekley [sic]
	Unix.  Since other IP implementations do not necessarily honor
	this belief, there is no security in using *secure* ports
	unless your network consists exclusively of machines running
	Berkelely Unix.

This is true, but not important.  The `proper' authorisation protocol,
as implemented by rcmd(), is to look for the host name in a list
of `trusted' hosts first.  Only after the host has been declared
`trusted' is the user name considered.  As long as one declares
only trust*worthy* hosts (specifically those that restrict access
to said ports) as trust*ed*, the protocol works.

For anything more complex, of course, a public-key cryptosystem or
other `better' authentication scheme is required.

Chris