
Re: [OPSEC] [tcpm] draft-gont-tcp-security

2009-04-14 11:31:23

Inline...

> Given that this is opsec and that my major concern is the network elements,
> I am much more concerned about "off-path" or "blind" attacks than direct
> attacks.
> Customers generally don't attack the router they are connected to.
> Peers generally don't attack the router they are connected to.

Some routers are on shared-access media. Other routers are connected
across unsecured network elements - e.g., to network management
components, etc. On-path doesn't mean directly connected on one hop - it
includes the entire path.

...
> > I *know* that the only way to secure a protocol is to throw
> > crypto at it.

> Now I think I understand what you mean by secure.
> I don't agree with your opinion. For example, SSL is a form of encryption
> but has done little to secure http, as sites have trained customers to
> ignore cert errors.
> Banks put lock bitmaps on their pages to show how "safe" they are.
> Phishers depend on this user confusion!

Mechanism cannot compensate for users that ignore it.

> > I also *know* that unexpected packets are *not* indications
> > of attacks.

> In the router world, packets destined towards my routers that are
> "unexpected" are often an indication of an attack or a misconfigured
> system; either can cause problems for the network, and blocking it
> TOWARDS the router is a BCP.

I'm talking about expectations within a TCP connection, or about the
establishment of TCP connections. This doc addresses TCP, not the
Internet in general.

Joe