Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Message-ID: <29455@bu-cs.BU.EDU>
Date: 11 Apr 89 17:05:02 GMT
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <Apr.10.23.46.46.1989.12488@geneva.rutgers.edu>
Reply-To: kwe@buit13.bu.edu (Kent England)
Followup-To: comp.protocols.tcp-ip
Organization: Boston U. Information Technology
Lines: 27

In article <Apr.10.23.46.46.1989.12488@geneva.rutgers.edu> 
hedrick@geneva.rutgers.edu (Charles Hedrick) writes:
>Yes, with source routing you can fake IP addresses in such a way that
>you get a two-way conversation going to the wrong place.  
> [...]
> However in the end we're probably going to want
>encryption-based validation for everything.  I think even with kludges
>in the gateways, the days are numbered for security based on source
>addresses.


	I agree that encryption-based validation is important, but we
still want to be sure that the unencrypted data follows specific (in
some sense secure) routes.  I think TOS is the way to do this, but
until then I can structure my subnets in such a way that, with some
physical security, I have some assurance that unencrypted, sensitive
data cannot easily be snooped off the net.

	I would not want to allow someone with genuine
Kerberos-authenticated access to login from an "open" subnet.  I would
want some assurance that the data stream is following routes
controlled by the routers and not by the hosts.  (Another argument
against source routing :-)

	Is this reasonable?

	Kent England, BU