At 10:02 AM 1/30/95, Matt Blaze wrote: ....>As for the alternatives, I think the picture is pretty bleak, to tell
the truth. The cryptographically sound way to prevent spoofing is with authentication of the agreed key. But for the remote host to authenticate itself, it has to have a secret signature key. Where to store it? A typical machine, especially a multi-user, unattended server simply has no safe place to store keys. .... There would be on a secure "multi-user, unattended server". They are not easy to come by and they arn't really Unix. I don't get on my soap box very often but I couldn't resist your execelent opportunity. I think that security requires good crypto and good OS security. There are Orange book rated systems that are rated to run hostile software in the same machine with Top Secret information.