
Re: ACLs



Smith, Donald wrote:

The goal is to improve security:)
Writing requirements that the major router vendor can't support might mean
the requirements get ignored as TOO HARD.

Agreed. There is a continuum from vendor marketing literature to
things that are impossible due to the laws of physics.

I'm hoping that we can come out with a list of real, attainable operator
requirements that are somewhere to the right of marketing literature
and hopefully more than a set of least common denominators that
no one will object to.

I still believe ACLs that have little to no impact is an important
requirement
but getting a major router vendor to completely change their architecture
could take a few years.

Granted. But I think the case can be made that high performance hardware based
filters are certainly best, mostly common, and definitely a practice. Do you think
this should be dropped to accommodate vendors who may currently have problems
with it? Others?

---George