On 19-jul-2005, at 23:35, Hallam-Baker, Phillip wrote:
Host and application security are not the job of the network.
They are the job of the network interfaces. The gateway between a
network and the internetwork should be closely controlled and guarded.
You may want to read up on the end-to-end principle (or argument, if
you prefer). It's not the "network interface-to-network interface"
In other words: if the endpoints in the communication already do
something, duplicating that same function in the middle as well is
superfluous and usually harmful.
Nobody is really proposing embedding security into the Internet
(at least not yet).
Good thing too, as "security" is one of those words that really
doesn't mean anything when you drill down.
But the backbone has always had controls enforced such as ingress
and egress filtering. Most people think that carriers should not be
allowing people to inject bogons.
As long as our network doesn't provide any mechanisms for receivers
to reject unwanted incoming traffic filtering out packets with
falsified source addresses can be slightly helpful, yes. But that's
lightyears away from making filtering in the middle of the network an
architecturally sound approach.
Modern security architectures do not rely exclusively on application
security. If you want to connect up to a state of the art corporate
network the machine has to authenticate. In the future every hub,
router, every NIC will be performing policy enforcement.
And it still won't stop people from showing up at IETF meetings and
transmitting their passwords in the clear over an open radio network.
This is a road that leads nowhere: you can't tell with from a packet
whether it's part of something evil or not.
Unfortunately we don't really have anything better right now. Sure,
IPsec is great, but try replacing every instance of SSL (which is
very vulnerable to denial of service, and not just the packet
flooding type) with IPsec and you'll soon see that IPsec is way too
hard to deploy as a general purpose end-to-end protection mechanism.
(And for fundamental reasons, not just because the implementations
aren't userfriendly enough.)
Whatever happened to speak softly, but carry a big stick? On the
network, everyone shouts, but real consequences are far and few between.
Ietf mailing list