At 01:08 AM 12/19/00 -0500, Theodore Y. Ts'o wrote:
> OK, in that case, we've completely thrown out the end-to-end principle,
> ... then you shouldn't
> be using IPSEC. You should be using TLS instead.

Unfortunately, the production Internet (i.e., since 1983) has never been
fully end-to-end at the IP layer. Never.

Arguably it has never been end-to-end at the application layer, either, nor
even application-layer data.

Gateways have always been a part of the Internet. We have simply chosen to
ignore them, except for the case of email (smtp/x.400).

It's fine to create a clean architecture, but not very helpful to ignore or
complain about market-driven extensions (or work-arounds, or...) to it.

Folks -- people would not be making those extensions unless they
experienced benefit in them.

We claim to believe that the market is the ultimate venue for resolving
choice among standards. We need to acknowledge that that applies to
missing standards, as well as competing standards.

Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg Consulting <www.brandenburg.com>
Tel: +1.408.246.8253, Fax: +1.408.273.6464