[359] in Zephyr_Comments
Re: exposure
marc@ATHENA.MIT.EDU (marc@ATHENA.MIT.EDU)
Mon Sep 4 23:58:04 1989
I have to disagree. The specific instance Jay is talking about is
Clearinghouse. CLH is supposed to be in a secret location (sigh...).
I should be able to send a message to a public instance (e.g. consult)
and not tell the world where I am. This is not an anonymous message,
merely a locationless one. If I call you from the house phone in
lobby 10, or a pay phone, and harrass you, you still don't know who
I am, even though you may know where the call originated.
I think a reasonable compromise is to have the server check the
location and and the authenticity. If one (or both) of these is
correct, the message will be delivered. If I bother you from a hidden
location in an authentic message, I still know enough to find out who
you are. Same thing applies to an unauth message from the correct
location. Unfortunately, sending as root is still a problem, as anyone
can become root, and finger then becomes useless.
