Received: from localhost by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id BAA25735; Thu, 7 Mar 1996 01:57:43 -0500
Received: by CS.UTK.EDU (bulk_mailer v1.4); Thu, 7 Mar 1996 01:54:46 -0500
Received: from koobera.math.uic.edu by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id BAA25572; Thu, 7 Mar 1996 01:54:44 -0500
Received: (qmail-queue invoked by uid 666); 7 Mar 1996 06:56:37 GMT
Date: 7 Mar 1996 06:56:37 GMT
Message-ID: <19960307065637.16170.qmail@koobera.math.uic.edu>
From: djb@koobera.math.uic.edu (D. J. Bernstein)
To: drums@cs.utk.edu
Subject: Re: re PIPELINING

> You have several avenues of appeal;

What are you babbling about? Nobody but you has been such an idiot as
to suggest that my technical objections will be ignored.

It seems to me that Keith has been very cooperative in, for example,
noting the " ESMTP" de facto standard as something that should be
discussed briefly on Friday.

> Only a couple of days ago you were whining

I was correcting the false assertion that anyone can publish an RFC. My
message consisted entirely of quotes from other people, so it's hard to
see how you can attribute its tone to me.

Anyway, I have no reason to whine about TAP, since I won. Port 113 is
now more heavily used than port 79, and any implementation that doesn't
follow my spec is quickly found and fixed.

> because the RFC Editor rejected
> your TAP "authentication protocol" RFC, which was the context.

You're being dishonest again. The TAP spec doesn't even contain the
word ``authentication.'' (ftp.lysator.liu.se/pub/ident/doc/TAP.doc)

To everyone else: Here's a very simple way to see that something fishy
happened with TAP. There is a serious and undisputed technical flaw in
RFC 1413, which I pointed out _before_ the RFC was published. Explain.

Anyone who wants to understand why TAP is useful should consider this
question: if someone calls you and tells you that one of your 10,000
users has been probing his machine's defenses, how do you find the
culprit?

The obvious answer is ``logging,'' but connection logging is supported
by very few systems. TAP lets the _remote_ host log for you---and also
decide which connections are worth logging. The remote log is secure if
you encrypt your responses. Free code for all this is available for most
multiuser operating systems.

Don't trust what Mark says about this. Don't trust _anyone_. Review the
specs and implementations for yourself and you'll see that I'm right.

---Dan