Re: Minimal Authorization

Michael A. Dolan (miked@CERF.NET)
Sat, 13 Aug 1994 16:10:31 -0700


At 09:37 PM 8/13/94 +0200, Stephen D Crocker wrote:
>The essence of your argument is that nothing serious will happen if
>the password is stolen. If so, then it's basically unimportant to
>have a password in the first place; just use names without any
>protection at all.
>
>Once you go to the trouble of having state information specific to the
>user maintained on the server, i.e. a secret shared between the user
>and the server, you've already decided there's something worth
>protecting. In that case, protecitng the password in transit seems
>obligatory.
>
>You're arguing otherwise. I don't know of applications where it makes
>sense to have passwords but doesn't matter if the passwords are
>disclosed to unauthorized people as they're sent over the network. I
>suppose there might be such applications, but I don't know of any.
>
>The issue isn't whether the ordinary *user* is competent to mount a
>sniffing attack; the question is what the ordinary *hacker* will do.

The issue is not so black and white to me. There is a continuous
range of secured-ness of the various solutions from none to (theoretically)
unbreakable. If I am willing to take some risk, and I do not otherwise
jeopardize existing network security (such as using login passwords),
then it would seem I should be free to implement whatever suits my
needs. I am only jeopardizing my own secrets, so it should be my own
business how I handle it.

On the other hand, if I want to rely on login passwords (i.e. someone else's
secrets), then that is another matter and one is expected to conform to
some minimal level of standards. From your previous email, I assume this
minimal level is S/Key.

Steve, is this a reasonable tact? Can the problem be divided into these
two sets?

Mike
-----------------------------------------------
Michael A. Dolan - <mailto:miked@cerfnet.com>
TerraByte Technology (619) 445-9070, FAX -8864