Suggestion: PPP access devices intercept identD requests and return the authenticated access string.
Reasoning: Modern ``stacks'' used by end-users -- especially those on throwaway accounts, fake any identD response. This makes tracking those people tougher.
Methods: 1: identD v2, new port, intercepted by access devices which support it.
2: modification to hosts requirement RFCs, making access devices responsible for intercepting identD requests to their PPP clients.
3: a security RFC ``suggesting'' 1 or 2
Thoughts appreciated, as are comments, flames, blames, and anything of some content.
There isn't necessarily just a single user on the other end of a PPP connection. Many things will break if the actual user and the user that PPP intercepted identd asserts do not match. Providing such information may be a violation of confidentiality if it gives information about a person or that person's account, especially if the person does not want to give it out. Because the PPP access device cannot know, unless it also tracks all the traffic involved, what ports are in fact in use, it would have to give the response for any port, even if not in use. This means anyone can get the ID only by knowing the IP. This will be very VERY easy to abuse by spammers trolling for addresses, under the notion that the ident data generally would match the e-mail address for that domain. I believe you misunderstand the purpose of identd. It was intended to supplement the IP address on a multi-user system to narrow the focus of trust in cases where the system itself was trusted (not longer a valid assumption these days). Why do you want this data? And would you really want the correct userid from a multi-user system or a masqueraded network of multiple machines which the PPP device cannot know? -- Phil Howard | suck4it5@no1where.net stop1763@spammer1.edu stop9it3@s6p5a7m9.com phil | end6ads6@dumb3ads.net suck5it1@anyplace.org blow7me5@anyplace.com at | end0it35@anywhere.com end2ads4@lame0ads.org stop4698@anyplace.com ipal | stop0577@anywhere.edu no92ads1@s5p1a2m7.net a6b8c5d2@spam1mer.net dot | w1x7y9z6@spam8mer.edu die0spam@lame2ads.com crash308@spammer0.org net | end0ads7@dumbads6.org stop6it4@no05ads8.net no9way66@s8p7a9m6.net