Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!bionet!agate!ucbvax!A.ISI.EDU!CERF
From: CERF@A.ISI.EDU
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Loose and Strict source routing
Message-ID: <[A.ISI.EDU]31-Jan-89.19:47:37.CERF>
Date: 1 Feb 89 00:47:00 GMT
References: <8901311512.AA05344@sneezy.lanl.gov>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 20

Phil,

Unless I'm badly mistaken, there isn't any guarantee that a
non-source-routed internet packet has a valid source address.
Of course, responses to such a spoofed packet may not make it
back to the origin unless a cooperating gateway helps out, or
the source is on an Ethernet and is operating in promiscuous mode.

I suggest that, if source authentication is an issue, you will
need stronger tools/mechanisms than avoiding the use of source
routing of either type.

The general problem of authentication in the Internet is very
important, applies to many areas including, for example, various
control methods (e.g. network management subsystems) and will
probably require some form of cryptographic protection to solve.
The cryptography need not be used to conceal information - merely
to provide an unforgeable authentication of the source.

Vint Cerf