ietf
[Top] [All Lists]

Re: [BEHAVE] Can we have on NAT66 discussion?

2008-11-15 21:03:12
On 14 nov 2008, at 17:49, Hallam-Baker, Phillip wrote:

BGP is not a secure protocol.

Not disagreeing, but what makes for a secure protocol?

So why do you think it is appropriate for end user applications to make assumptions about end entity identity on the basis of source IP address?

I don't. But then again I don't believe in firewalls so it doesn't cost me anything to forego this assumption. But if all you have is a hammer and a nail comes along, you start hammering without asking too many questions. (I.e., addresses are there so if you have a firewall the natural thing is to filter based on them, even though it's problematic.)

If you take a look at DKIM you will see that the approach there is to independently authenticate the hops.

That didn't make sense in S-BGP so without being aware of the details of DKIM I'm going to assume it doesn't make sense there either.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf