Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!jon
From: jon@athena.mit.edu (Jon Rochlis)
Newsgroups: comp.sys.next
Subject: Re: NeXT concerns
Message-ID: <9001@bloom-beacon.MIT.EDU>
Date: 29 Jan 89 01:44:18 GMT
References: <4474@umd5.umd.edu> <32681@tut.cis.ohio-state.edu> <33@xenlink.UUCP> <669@blake.acs.washington.edu> <32926@tut.cis.ohio-state.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: jon@athena.mit.edu (Jon Rochlis)
Organization: Massachusetts Institute of Technology
Lines: 27


>But I've got more concerns than trashing user file systems.  I'm
>not sure that Kerberos is the way to go, or as useful as they
>claim.  Anyone remember the recent hate mail incident involving
>Nancy Gould?  The mail was sent from some anonymous person who'd
>logged in as root at a public workstation at MIT and telnet'd to
>the SMTP port of her machine.  Guess you don't need to be
>authenticated to make use of worldwide network services.  Makes my
>little heart just *glow* with anticipation.

Face it, the lower level protocols (IP/TCP) don't have authentication
in them and I'm not holding my breath for something like Visa to catch
on big.  You must assume anybody can gain access to the network.  

The fault in the hate mail case you mention is not with allowing
unathenticated access to the network (there are dozens of unprotected
terminal servers out there and even more accounts with trivial
guessable passwords as the recent LLNL indicdents demonstrated.  The
problem is that SMTP does no real authentication.  If you had a
Kerberos-based (or other reasonable authentication system) SMTP then
you'd be in business (except of course for getting mail from the
majority over sites out there that aren't playing the game).  Mail is
a tought one in general.  If you're interested in how you might go
about doing authenticated mail in a reasonable way take a look at
RFC1040.

		-- Jon