Xref: utzoo comp.unix.questions:5727 comp.unix.wizards:6609
Newsgroups: comp.unix.questions,comp.unix.wizards
Path: utzoo!utgpu!jarvis.csri.toronto.edu!csri.toronto.edu!flaps
From: flaps@csri.toronto.edu (Alan J Rosenthal)
Subject: Re: Usenet Security
Message-ID: <1988Feb22.175256.12780@jarvis.csri.toronto.edu>
Organization: University of Toronto
References: <108@tron.UUCP> <2739@codas.att.com> <23504@hi.unm.edu> <7311@brl-smoke.ARPA>
Date: Mon, 22-Feb-88 17:52:56 EST

In article <7311@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn) writes:
>One way to not lose an appreciable degree of security due to modem
>access (assuming telephone line tapping is ruled out) is to have
>the system check an incoming user ID against an internal list and
>call back the phone number contained in the internal list to
>establish the real working connection.

Doesn't this just put the shoe on the other foot?  If you call the
other system back, you have to prove that it's you calling back.

In other words, I'm saying that it seems to me that this could work
only between a secure system and a not-so-secure system.  Two systems
cannot both use this strategy to talk to each other.

ajr
-- 
If you had eternal life, would you be able to say all the integers?