Re: network controls are necessary
>>>>> "Christian" == Christian Huitema <huitema@windows.microsoft.com> writes:

Christian> I am much more optimistic than Joel about the possibilities of hosts.
Christian> The average PC has as much CPU and memory as the average router, if not

As am I.

Christian> Clearly, there is an issue with the smallest appliances, which can at
Christian> best be expected to perform random choices. In most cases, it does not

1) *Today's* smallest appliances rival the high end desktop systems of less than a
decade ago.

2) if the defaults work okay, except during network failures, it might not matter
if my gas meter is a bit unresponsive.

Christian> There is also an issue with policy enforcement. However, we already have
Christian> mechanisms to inform the hosts: router advertisements can carry
Christian> preferences for this or that prefix or router; ICMP can inform the hosts
Christian> that their choices are not acceptable. In fact, ICMP can also be used
Christian> from the site exit router(s) to suggest alternatives on a case by case
Christian> basis.

Router advertisements I will trust. Not because they are unspoofable, but
because we have to secure them anyway (SEND issue).

I would love to be able to secure ICMPs from the site exit routers. I am
skeptical that we will be able to do that. I expect my link-local routers to
be able to develop a trust relationship with the site exit routers much
easier than an end-system can.

Yes, as Bill says, we have to have strong indications of cacheability.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [