Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!ucbcad!ucbvax!OBERON.USC.EDU!estrin
From: estrin@OBERON.USC.EDU (Deborah L. Estrin)
Newsgroups: comp.protocols.tcp-ip
Subject: Security and Access Restrictions
Message-ID: <8710302306.AA05217@rt234.usc.edu>
Date: Fri, 30-Oct-87 18:06:13 EST
Article-I.D.: rt234.8710302306.AA05217
Posted: Fri Oct 30 18:06:13 1987
Date-Received: Thu, 5-Nov-87 04:43:31 EST
References: <533@cgcha.cgch.UUCP>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 17

If you have a serious interest in security then simply checking the
IP addresses is not adequate because it is very easy to spoof IP
addresses.  In addition, you might find it cumbersome to have a static list
of individual IP addresses if the network is large and decentralized.

I dont know of any other existing mechanisms in tcp/ip but we are experimenting
with something called Visa. If you are interested I can send you a paper
describing the scheme. Its intent is to solve the exact problem that
you describe and I would be very interested in finding out if you
think it would actually do so!

In addition, pls let us know if you discover other options as a result
of your query.

Deborah Estrin
Computer Science Dept
University of Southern California