Usenet Security

Doug Gwyn gwyn at brl-smoke.ARPA
Thu Feb 25 00:50:04 AEST 1988


In article <1988Feb22.175256.12780 at jarvis.csri.toronto.edu> flaps at csri.toronto.edu (Alan J Rosenthal) writes:
>In article <7311 at brl-smoke.ARPA> gwyn at brl.arpa (Doug Gwyn) writes:
>>call back the phone number contained in the internal list to
>>establish the real working connection.
>Doesn't this just put the shoe on the other foot?  If you call the
>other system back, you have to prove that it's you calling back.

I was assuming that we were just concerned about dial-in penetration
of a system, from that (single) system administrator's point of view.

Genuine mutual authentication of identities is a difficult matter.
There have been several studies and proposals for this during the
last 10 years or so, usually based on use of "one-way" encryption
functions.  There are operational problems, such as getting the
initial identity registration validated.


