ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Time to move beyond the 32 bit Internet.

2014-07-03 08:36:18
from [Michael Richardson] [Permanent Link] 

Fernando Gont <fernando(_at_)gont(_dot_)com(_dot_)ar> wrote:
    > On 07/01/2014 01:55 PM, Fred Baker (fred) wrote:
    >>
    >> That is a place I have well and truly scratched my head regarding
    >> the firewall discussion in the IETF. There’s a set of people,
    >> including me, that think that firewalls have a certain levee of
    >> utility and in any event are a business requirement.

    > FWIW, I'm in this camp.

reluctantly, I am still in this camp, but I regret a lot of things that
companies I was involved in did in the 1990s...

    >> And I tend to think that the conversation breaks down at that
    >> point. Everyone agrees on the first and second. When someone says
    >> “I want to block the third”, the response is “but I want to allow
    >> the second” without acknowledging or commenting on the third. And
    >> I just find myself shaking my head in disbelief. Wouldn’t it be
    >> nice of both speakers in the conversation would address the same
    >> subject?

    > I guess the fos arguing "but I want to allow the second" really mean
    > "I want to allow the second with no manual configuration or
    > upnp-kind-of-thing"?

I agree with Fred's description of the conversation, but it isn't complete.
The "I" in the sentence is not singular.  It has many different roles,
and they are often in conflict and they are often not empowered to actually
enact change.  Firewall problems in an enterprise are a symptom of a much
larger (society) scale systematic problem we have with bureaucracies.
(Imagine if the Vogons ran the Internet... some people, perhaps don't need to)

In the home, firewalls were never planned, and are the unintended result of
ISPs pushing NAT on end users.  (Either directly by giving them the box,
or indirectly by making multiple IP addresses unaffordable/unobtainable)

As for the "IoT with default password", that's exactly the security problem
that firewalls have *CAUSED*; and it's this part that I really regret.

--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: pgpPlvIyVSWOb.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Gen-ART LC Review of draft-ietf-6man-multicast-addr-arch-update-05, mohamed.boucadair
Next by Date:  Trustees Decide to Abandon “IETF Secretariat” Trademark, Tobias Gondrom
Previous by Thread:  Re: Time to move beyond the 32 bit Internet., Fernando Gont
Next by Thread:  Re: Time to move beyond the 32 bit Internet., Fernando Gont
Indexes:  [Date] [Thread] [Top] [All Lists]