identd (identification protocol) is pointless and potentially dangerous

Identification Protocol (also known as the "auth" protocol, after the name given to it in the UNIX /etc/services file), specified by RFC-1413, is a pointless and potentially dangerous protocol.

The identification protocol, in a nutshell, is as simple as this:

Someone (a client) walks up to your front door and knocks.

You (the server) ask, "who's there?"

The person at the door (the client) says, "It's John Q. Public!"

That's all there is to it.

It's Pointless

The fundamental assumptions behind the identification protocol are:

  1. Computers are multi-user timesharing systems with secured operating systems.

  2. The computer user and the computer systems administrator are different people.

  3. The computer systems administrator is trustworthy.

The upshot of these assumptions is that when your system contacts the identd server of a remote system, you can trust the data returned, which supposedly identifies the user who is trying to use a network service on your server, because there is a trustworthy system administrator on the remote system who is watching over his users with an eagle eye, and who will readily and happily identify his users to you because you asked.

Unfortunately, the majority of computer systems on the Internet today violate all of these assumptions, because they're personal computers running the Microsoft Windows "operating system":

  1. PCs running Windows have one user, and the operating system is not secure at all.

  2. The computer user and the computer systems administrator are the same person.

  3. The PC user may or may not be trustworthy - you can't know in advance.

The data that any PC will return in this protocol has no bona fides, and no utility other than as a random string of bits which may or may not have any relationship to the user of the remote system. It can't actually be used for anything real. The author of RFC-1413 says so explicitly in section 6 of the protocol specification (go read it yourself: the whole document is only 16K bytes of text, and the "Security Considerations" section is just a few paragraphs).

It's Dangerous

There are some server administrators on the Internet who seem to believe that the identification protocol has some utility, because they require it to use their services. These people are deluding themselves, lulling themselves into a completely false sense of security: they believe that they have an audit trail which they can use to grab users who abuse their services.

As the protocol description above demonstrates, this is the assumption of a fool.

Source Code for UNIX

Of course, if you're trying to use the services of some site that has decided against all common sense to require you to run identd, you might as well oblige them at minimal cost to yourself. To that end, I've coded up an identd that runs under inetd and is small, fast, and efficient. Feel free to audit the code yourself, compile it up for your variant of UNIX and run it to demonstrate the true utility of this protocol.
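The exchange sketched above under "in a nutshell", and the inetd-style identd mentioned here, as an added Python example that is not the essay's own C program: it builds a request, answers it the way a tiny identd would from a constructed connection table standing in for the kernel's TCP table, and parses the reply defensively on the querying side. The function names, the CONN_TABLE stand-in, and the sample ports and username are all constructed for this example.

```python
"""RFC 1413 (ident) on both ends of the wire: build a request, answer it the way an
inetd-spawned identd would, and parse the reply defensively.

Added example; not the essay author's identd source. CONN_TABLE is a constructed
stand-in for the kernel TCP connection table a real identd consults.
"""
import re

MAX_LINE = 512  # RFC 1413 caps request and reply lines at 512 octets including CRLF

# Request:  "<port-on-server> , <port-on-client>"  (whitespace around the comma optional)
_REQ_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
# Reply:    "<port-on-server> , <port-on-client> : USERID : <opsys>[ , <charset>] : <user-id>"
#       or  "<port-on-server> , <port-on-client> : ERROR : <error-type>"
_RESP_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$", re.S)

ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}

# Constructed sample of "which local user owns the TCP connection (local port, remote port)".
CONN_TABLE = {(6191, 23): "stjohns"}


def _port_ok(text):
    return 1 <= int(text) <= 65535


def build_request(port_on_server, port_on_client):
    """Client side: the line the querying host sends to TCP port 113 on the remote host."""
    if not (1 <= port_on_server <= 65535 and 1 <= port_on_client <= 65535):
        raise ValueError("port out of range")
    return f"{port_on_server} , {port_on_client}\r\n"


def handle_request(line, conn_table=CONN_TABLE):
    """Server side: reply to one request line. Ports that cannot be parsed are echoed as 0
    (an implementation choice; the RFC only fixes the ERROR type)."""
    if len(line) > MAX_LINE:
        return "0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    m = _REQ_RE.match(line)
    if m is None or not (_port_ok(m.group(1)) and _port_ok(m.group(2))):
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    sport, cport = int(m.group(1)), int(m.group(2))
    user = conn_table.get((sport, cport))
    if user is None:
        return f"{sport} , {cport} : ERROR : NO-USER\r\n"
    return f"{sport} , {cport} : USERID : UNIX : {user}\r\n"


def parse_response(line):
    """Client side: parse a reply. The user-id is whatever the remote host chose to send,
    so it is returned as opaque text for logging, never as an identity to act on."""
    if len(line) > MAX_LINE:
        raise ValueError("reply exceeds 512 octets")
    m = _RESP_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("malformed ident reply")
    ports = (int(m.group(1)), int(m.group(2)))
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        err = rest.strip()
        if err not in ERROR_TYPES and not err.startswith("X"):  # "X..." = implementation-defined
            raise ValueError("unknown error type")
        return {"ports": ports, "error": err}
    # USERID: opsys and optional charset, then the user-id, which may itself contain ':'
    opsys_field, sep, userid = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply missing user-id")
    opsys, _, charset = (s.strip() for s in opsys_field.partition(","))
    return {"ports": ports, "opsys": opsys, "charset": charset or "US-ASCII",
            "userid": userid.strip()}


def log_safe(userid, limit=64):
    """Neutralise a user-id before it reaches a log file: non-printable octets (terminal
    escapes, CR/LF smuggled in by a lax peer) become '?', and the field is truncated."""
    cleaned = "".join(ch if 0x20 <= ord(ch) <= 0x7E else "?" for ch in userid)
    return cleaned[:limit]


if __name__ == "__main__":
    req = build_request(6191, 23)
    reply = handle_request(req)
    print(repr(req), "->", repr(reply))
    print(parse_response(reply))
    print(log_safe("root\x1b[2Jnobody"))
```

The querying side is where the essay's argument becomes code: parse_response hands back the user-id as opaque text and log_safe strips anything that could corrupt a log, because the string belongs entirely to the remote host and is good for nothing beyond a line in a log file.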
Erik Fair <fair@clock.org>
May 7, 2000