On Saturday, May 8, 2004, at 11:31 AM, Iljitsch van Beijnum wrote:
Yes, this is good stuff. But I don't think distributed firewalling on
its own is the full answer.
I think it's pretty clear at this point that there is no full
answer, or that if there is it's multi-component and situation-
dependent. I think that it's pretty clear that we need to make
sure that we're allowing network administrators better control
of their own networks, and distributed firewalling can anchor that
(how security policy is passed around). Unfortunately I think there
will continue to be a need for firewalls at network borders, at
least towards the edge. NAT doesn't properly belong in this discussion
but since it's here anyway it should be regarded as part of the
network border packet filtering whatever and probably ought to be
included in participation in enforcing security policy.
Melinda
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf