
Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

2005-07-20 13:44:57
Tom Petch

----- Original Message -----
From: "Iljitsch van Beijnum" <iljitsch(_at_)muada(_dot_)com>
To: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
Cc: "IETF General Discussion Mailing List" <ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, July 20, 2005 12:36 AM
Subject: Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)


On 19-jul-2005, at 23:35, Hallam-Baker, Phillip wrote:

Host and application security are not the job of the network.

They are the job of the network interfaces. The gateway between a
network and the internetwork should be closely controlled and guarded.

You may want to read up on the end-to-end principle (or argument, if
you prefer). It's not the "network interface-to-network interface"
principle.

In other words: if the endpoints in the communication already do
something, duplicating that same function in the middle as well is
superfluous and usually harmful.


Mmmm so if I am doing error correction in the end hosts, and somewhere along the
way is a highly error-prone satellite link, then I should let the hosts correct
all the satellite-created errors?  I don't think that that is the way it is
done.

Likewise, if my sensitive data mostly traverses hard-to-penetrate links (fibre)
but just somewhere uses a vulnerable one (wireless), then I just use application
level encryption, as opposed to adding link encryption over the wireless link in
addition?  Again, I think not.

End-to-end is not always best but I am not sure which law of network engineering
points out the exceptions.  Probably something to do with different levels of
entropy along the way.

<snip>
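Tom Petch's error-correction point, quantified as an added example that is not part of the thread: a small Python model of how much traffic each hop carries when a loss on one hop is repaired end-to-end (the source resends across the whole path) versus on the link itself (the hop retransmits locally). The path, its loss probabilities, and the assumption that acknowledgements are never lost are constructed for the example; nothing here models the encryption half of the message.

```python
"""
End-to-end vs link-level loss recovery on a multi-hop path.

Each hop i drops a packet independently with probability loss[i].
  * end-to-end ARQ: only the destination acknowledges, so a drop on any
    hop makes the source resend across the entire path.
  * link-level ARQ: each hop retransmits to its neighbour until that
    copy gets through, so the drop is repaired where it happened.
Assumptions (constructed for this example): acknowledgements are never
lost and retransmissions are independent trials.
"""
from math import prod

# Constructed path: a fibre hop, a lossy satellite hop, another fibre hop.
# Loss figures are illustrative, not measurements of any real link.
EXAMPLE_PATH = [0.001, 0.2, 0.001]


def _check(loss):
    if not loss or any(not 0.0 <= p < 1.0 for p in loss):
        raise ValueError("loss probabilities must be in [0, 1) and non-empty")


def e2e_per_hop_load(loss):
    """Expected number of times each hop carries the packet under end-to-end
    ARQ.  The source needs 1 / prod(1 - p_i) attempts on average; an attempt
    reaches hop k only if every earlier hop delivered it."""
    _check(loss)
    attempts = 1.0 / prod(1.0 - p for p in loss)
    loads, survive = [], 1.0
    for p in loss:
        loads.append(attempts * survive)  # attempts that reach this hop
        survive *= 1.0 - p
    return loads


def link_per_hop_load(loss):
    """Expected number of times each hop carries the packet when every hop
    repairs its own losses: a geometric number of trials per hop, 1/(1-p)."""
    _check(loss)
    return [1.0 / (1.0 - p) for p in loss]


def compare(loss):
    """Summarise both strategies for one path."""
    e2e = e2e_per_hop_load(loss)
    link = link_per_hop_load(loss)
    return {
        "e2e_attempts": e2e[0],      # hop 0 sees every source attempt
        "e2e_total": sum(e2e),
        "link_total": sum(link),
        "e2e_per_hop": e2e,
        "link_per_hop": link,
    }


def scaling(p, max_hops):
    """Total traversals as the number of equally lossy hops grows: the
    end-to-end cost grows with the product of survival probabilities, the
    link-level cost only with their sum."""
    return [(n, compare([p] * n)["e2e_total"], compare([p] * n)["link_total"])
            for n in range(1, max_hops + 1)]


if __name__ == "__main__":
    r = compare(EXAMPLE_PATH)
    print("source attempts (end-to-end):", round(r["e2e_attempts"], 4))
    print("per-hop load, end-to-end:   ", [round(x, 4) for x in r["e2e_per_hop"]])
    print("per-hop load, link-level:   ", [round(x, 4) for x in r["link_per_hop"]])
    for n, e2e_total, link_total in scaling(0.3, 5):
        print(f"{n} lossy hops: end-to-end {e2e_total:.2f} vs link-level {link_total:.2f}")
```

On the constructed path the fibre hops are charged for the satellite's drops under end-to-end recovery, since every resend crosses them again, while link-level recovery confines the extra transmissions to the satellite hop. The `scaling` function shows the stronger version of the point: with several lossy hops, the end-to-end cost grows multiplicatively and the link-level cost additively. The model covers link errors only; losses the links never observe (inside a router, say) can only be caught end-to-end, which is what the end-to-end argument is about, so the two mechanisms are complementary rather than substitutes.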


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf