
Re: port blocking (was Re: CELP (was RE:) )



> Why would anyone want to filter based on port numbers? It provides no 
> real security, just headaches. On the other hand, I can understand that 
> people are uncomfortable having internal hosts communicate with 
> external ones without being able to see what's going on. A way to solve 
> this would be to include firewalls in the authentication and 
> authorization negotiations.

Well, I agree with you.  But apparently there are some who have
raised objections to end-to-end encryption that does not allow a
meddling middlebox to discriminate based on port numbers.  I was
just pointing out that any such objection to HIP would be no
different than an objection to IPSEC in general.

			-Tim Shepard
			 shep@alum.mit.edu