mailing list archives
stick with "anonymous" or "authenticated" when describing attacks
From: "Jonathan G. Lampe" <jonathan.lampe () standardnetworks com>
Date: Wed, 22 Dec 2004 13:39:52 -0600
At 11:27 AM 12/22/2004, Adam Shostack wrote:
I've long advocated 'credentialed' to refer to attacks where a user of
the system can execute the attack, and 'anonymous' or
'non-credentialed' to refer to refer to attacks on servers, such as
httpd, ftpd, or named.
The word "authenticated" already has the meaning of what I think you were
trying to express with "credentialed"; "authenticated" means that a user
has already presented credentials of some kind (username, password, PIN,
key, cert, token, etc.), that those credentials were accepted and that the
user enjoyed a different level of privilege than mere "anonymous" users.
The term "credentialed" suggests that a user has been issued credentials of
some kind, but that he/she may or may not have used them to authenticate to
a restricted resource. (The term "credentialed" is similar to the word
So...I'd stick with "anonymous" or "authenticated" when describing attacks
******************* PLEASE NOTE *******************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.