[178] in Hesiod
Re: Hesiod and system security
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Wed Feb 23 23:08:58 1994
Date: Wed, 23 Feb 94 23:06:30 EST
From: jis@MIT.EDU (Jeffrey I. Schiller)
To: MDICKSON@CSI.compuserve.com
Cc: <hesiod@MIT.EDU>
Reply-To: jis@MIT.EDU
You ask a tricky question. There is a kerberos authenticated version of
Hesiod that exists (I believe DEC ships it with DECAthena, but I am not
sure). However the point of the authentication was for the client to
know that the information provided by the hesiod server was in fact
correct (i.e., not from an impostor hesiod server).
I don't believe that anyone has directly addressed the issue that you
raise here. Our philosophy about security at Athena has always been
around the notion that you protect (cryptographically if possible)
individual objects. Therefore knowledge of the existence of an object
(provided by Hesiod or via other means) is not a security concern.
Although Hesiod provides a convenient way for "bad guys" to find out
things about your environment, it is only one of several ways that the
bad guys can find information out. Protecting Hesiod therefore doesn't
really solve the problem (i.e., you only lock out the "stupid" bad guys,
who usually aren't the *real* problem, though these days they are the
most visible source of trouble).
-Jeff
