
Re: Port numbers and IPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

2005-07-19 15:36:32
On 19-jul-2005, at 23:35, Hallam-Baker, Phillip wrote:

> Host and application security are not the job of the network.

> They are the job of the network interfaces. The gateway between a
> network and the internetwork should be closely controlled and guarded.

You may want to read up on the end-to-end principle (or argument, if you prefer). It's not the "network interface-to-network interface" principle.

In other words: if the endpoints in the communication already do something, duplicating that same function in the middle as well is superfluous and usually harmful.

> Nobody is really proposing embedding security into the Internet backbone
> (at least not yet).

Good thing too, as "security" is one of those words that really doesn't mean anything when you drill down.

> But the backbone has always had controls enforced such as ingress and egress filtering. Most people think that carriers should not be allowing people to inject bogons.

As long as our network doesn't provide any mechanisms for receivers to reject unwanted incoming traffic, filtering out packets with falsified source addresses can be slightly helpful, yes. But that's light-years away from making filtering in the middle of the network an architecturally sound approach.

> Modern security architectures do not rely exclusively on application
> security. If you want to connect up to a state of the art corporate
> network the machine has to authenticate. In the future every hub, every
> router, every NIC will be performing policy enforcement.

And it still won't stop people from showing up at IETF meetings and transmitting their passwords in the clear over an open radio network. This is a road that leads nowhere: you can't tell from a packet whether it's part of something evil or not.

Unfortunately we don't really have anything better right now. Sure, IPsec is great, but try replacing every instance of SSL (which is very vulnerable to denial of service, and not just the packet flooding type) with IPsec and you'll soon see that IPsec is way too hard to deploy as a general purpose end-to-end protection mechanism. (And for fundamental reasons, not just because the implementations aren't user-friendly enough.)

Whatever happened to speak softly, but carry a big stick? On the network, everyone shouts, but real consequences are few and far between.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
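The exchange above argues about whether source-address (ingress/bogon) filtering at a carrier edge is architecturally sound. As an added illustration of what that filtering actually does, and not code from either poster or from the IETF, the following is a small per-interface source-address check of the kind the thread refers to. The interface names, customer prefixes and sample packets are constructed for the example, and the bogon list is a deliberately partial, hand-picked set of reserved ranges, not an authoritative one.

```python
import ipaddress

# Constructed, partial list of prefixes that should never appear as a source
# address on the public Internet (reserved/private space). Not exhaustive;
# a real filter would be driven from an authoritative, regularly updated list.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class IngressFilter:
    """Source-address check for a customer-facing interface.

    A packet arriving on interface X is accepted only if its source address
    falls inside one of the prefixes assigned to X and is not a bogon. This
    is the 'filtering out packets with falsified source addresses' the
    thread discusses: it does nothing about the content of the packet, it
    only refuses sources that cannot legitimately come from that interface.
    """

    def __init__(self, interface_prefixes):
        # interface_prefixes: {"if-name": ["203.0.113.0/24", ...]} (constructed)
        self.allowed = {
            ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in interface_prefixes.items()
        }

    def verdict(self, ifname, src):
        """Return 'accept' or a 'drop: <reason>' string for one packet."""
        try:
            src_addr = ipaddress.ip_address(src)
        except ValueError:
            return "drop: unparsable source"
        if ifname not in self.allowed:
            return "drop: unknown interface"
        # ipaddress returns False for a v4 address tested against a v6 network
        # (and vice versa), so mixed-family lists are safe here.
        if any(src_addr in net for net in BOGONS):
            return "drop: bogon source"
        if not any(src_addr in net for net in self.allowed[ifname]):
            return "drop: source outside interface prefixes (possible spoof)"
        return "accept"


def run_sample():
    """Apply the filter to a constructed batch of (interface, source) pairs
    and return {source: verdict} plus a count of dropped packets."""
    flt = IngressFilter({
        "cust-a": ["203.0.113.0/24", "2001:db8:1::/48"],   # constructed
    })
    packets = [  # constructed sample traffic
        ("cust-a", "203.0.113.7"),     # legitimate v4 customer source
        ("cust-a", "198.51.100.9"),    # v4 source not assigned to cust-a
        ("cust-a", "10.1.2.3"),        # private space leaking out
        ("cust-a", "2001:db8:1::42"),  # legitimate v6 customer source
        ("cust-a", "2001:db8:2::1"),   # v6 source not assigned to cust-a
        ("cust-a", "fe80::1"),         # link-local, never valid across a gateway
        ("cust-b", "203.0.113.8"),     # interface the filter knows nothing about
        ("cust-a", "not-an-address"),  # garbage
    ]
    verdicts = {src: flt.verdict(ifname, src) for ifname, src in packets}
    dropped = sum(1 for v in verdicts.values() if v != "accept")
    return verdicts, dropped


if __name__ == "__main__":
    results, n_dropped = run_sample()
    for src, verdict in results.items():
        print(f"{src:20} {verdict}")
    print(f"dropped {n_dropped} of {len(results)}")
```

Note what the check can and cannot do: it rejects sources that provably do not belong on the interface, which is exactly the "slightly helpful" property the reply concedes, but an accepted packet carries no assurance about its contents, which is the reply's objection to treating in-network filtering as a substitute for end-to-end protection.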