As I've been saying for years, "identd (identification protocol) is pointless and potentially dangerous." At least one of my readers (yes, you) will immediately recognize this analysis...
(By the way, I think there's one point you missed on the issue of its pointlessness: These days, just about every system that one might reasonably expect to provide a trustworthy and useful ident response -- except within enterprises -- is behind NAT anyway, and ident doesn't work through NAT to my knowledge. If anyone knows of a firewall that does properly forward ident across NAT, please let me know -- I'm curious.)
no subject
See section 5.2.1 :)
There are at least solutions possible.
I'm not going to get into a discussion of whether identd is good, bad or ugly (or any combination of the above).
no subject
you have to run them on the NAT box though.
ident is t3h g4y anyway. horrible protocol for needs of a time LOOONG past.
IRC servers need to stop using it and we can quietly let it die now.
I've blocked ident() at the FW level for the past 7 years or so, it's never given me a single problem doing that.
no subject
I am in full agreement with this. It's not like every Windows IRC client doesn't already forge it anyway.