Xref: utzoo comp.unix.questions:5774 comp.unix.wizards:6667
Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!hc!beta!cmcl2!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Usenet Security
Message-ID: <7337@brl-smoke.ARPA>
Date: 24 Feb 88 14:50:04 GMT
References: <108@tron.UUCP> <2739@codas.att.com> <23504@hi.unm.edu> <7311@brl-smoke.ARPA> <1988Feb22.175256.12780@jarvis.csri.toronto.edu>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 14

In article <1988Feb22.175256.12780@jarvis.csri.toronto.edu> flaps@csri.toronto.edu (Alan J Rosenthal) writes:
>In article <7311@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn) writes:
>>call back the phone number contained in the internal list to
>>establish the real working connection.
>Doesn't this just put the shoe on the other foot?  If you call the
>other system back, you have to prove that it's you calling back.

I was assuming that we were just concerned about dial-in penetration
of a system, from that (single) system administrator's point of view.

Genuine mutual authentication of identities is a difficult matter.
There have been several studies and proposals for this during the
last 10 years or so, usually based on use of "one-way" encryption
functions.  There are operational problems, such as getting the
initial identity registration validated.