RE: Port numbers and IPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-

Host and application security are not the job of the network.


They are the job of the network interfaces. The gateway between a
network and the internetwork should be closely controlled and guarded.

Nobody is really proposing embedding security into the Internet backbone
(at least not yet). But the backbone has always had controls enforced
such as ingress and egress filtering. Most people think that carriers
should not be allowing people to inject bogons.

Modern security architectures do not rely exclusively on application
security. If you want to connect up to a state of the art corporate
network the machine has to authenticate. In the future every hub, every
router, every NIC will be performing policy enforcement. 

De-perimeterization is not really about removing the firewalls, it is
really about making every part of the *network* into a security control
point. 




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Test version of the Parking Area, Bruce Lilly

Next by Date:

Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt), John Kristoff

Previous by Thread:

RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt), Hallam-Baker, Phillip

Next by Thread:

Re: Port numbers and IPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt), Iljitsch van Beijnum

Indexes:

[Date] [Thread] [Top] [All Lists]

RE: Port numbers and IPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)