[1682] in North American Network Operators' Group
Re: Static IP addresses for Dial-up
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Mon Jan 29 13:13:04 1996
Date: Mon, 29 Jan 1996 13:06:56 -0500
To: Piet Beertema <Piet.Beertema@cwi.nl>
From: Paul Ferguson <pferguso@cisco.com>
Cc: "Brian Carpenter CERN-CN" <brian@dxcoms.cern.ch>, peter@unipalm.pipex.com,
nanog@merit.edu, cidrd@iepg.org, iab@isi.edu,
Robert Elz <kre@munnari.oz.au>
At 05:18 PM 1/29/96 +0100, Piet Beertema wrote:
> I can certainly understand the need for access control & security,
> but with the use of a smart-card one-time password system, this is
> a moot point.
>Huh? How are you going to stop a system from "illegally"
>(in the sense of the provider, contracts, or whatever)
>acting as -say- www, ftp, or whatever server with such
>a one-time password system? You'll need access control
>*based on IP addresses* to reach that goal!
>
>
No, no, no. The concept of access-filtering based on source address is
easily spoofed, where the OTP password systems that I'm referring to
are based on a concept of authentication-based access, which is much more
reliable than a [possibly fake] source address.
This is not a new concept.
- paul
