Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!saturn!wyatt%cfa@husc6.harvard.edu
From: wyatt%cfa@husc6.harvard.edu (Bill Wyatt)
Newsgroups: comp.os.research
Subject: Re: Non-secure workstations (long) (Was: The NeXT Problem)
Message-ID: <5187@saturn.ucsc.edu>
Date: 20 Oct 88 01:51:58 GMT
Sender: usenet@saturn.ucsc.edu
Organization: Harvard-Smithsonian Ctr. for Astrophysics
Lines: 21
Approved: comp-os-research@jupiter.ucsc.edu


> [...]
> The problem with this is that there is no way to prove that the 'you'
> identifying 'yourself' is really you in the presences of promiscuous
> or tapable transmission media. [...]
> 
> [...]
> Anyway, authentication in a hostile network is at best a currently
> unsolved problem, and at worse an unsolvable problem.

Not true, at least if you allow *some* machines to be trusted.
Check out MIT/Athena's `Kerberos' network authentication system,
which involves having trusted (and presumably physically secure)
systems act as authenticators for other systems, which can be as
physically insecure as you like.
-- 

Bill    UUCP:  {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt
Wyatt   ARPA:  wyatt@cfa.harvard.edu
         (or)  wyatt%cfa@harvard.harvard.edu
      BITNET:  wyatt@cfa2
        SPAN:  cfairt::wyatt