[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] Re: RMX provides auth for one-hop only (Re: privacy is a feature)

Adam Back wrote:

Nodes in the received path can lie with RMX or UUCP, I think this is
the point.  Ergo RMX only provides authentication when there is one
hop.
Exactly. The point-to-point authentication in UUCP provides NO more level of authenticity than the peer IP address in a Received line - in the one hop you (should be able to) trust - the one into your own machine.

Tracing back a UUCP message to the true origin is exactly the same thing as tracing Recieved lines backwards. Before you can trust the next hop, you have to _ask_ the sysadmin to check their logs. You can frequently skip intermediate hops and go to the last one and ask their admin for a corresponding record. But that's the same in UUCP and SMTP.

The only difference is that back in UUCP days, machines tended to be multi-user, many orders of magnitude fewer of them, and many orders of magnitude less email.

If we were using UUCP technology today (with the necessary scaling modifications, such as much higher point-to-point levels, which is impractical anyway), we'd have exactly the same problems we're having with SMTP in establishing authenticity.

Authenticity has to be end-to-end (eg: signatures) before you can do better than SMTP/UUCP can do on their own unless you plan on scaling back the Internet by at least 5 orders of magnitude... I have fond recollections of those days (UUCP and Usenet admin since 1982), but we don't want to go back there, do we?

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg