[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [RRG] Are host-stack modifications allowed or disallowed ?
Earlier, Scott Brim wrote:
% Nice start. Let see if I can add anything ...
%
% A) Host changes
%
% - The system will need to be robust in the face of incorrect or
% malicious host changes. There can be incorrect or malicious router
% changes but ISPs understand the risks and the defenses better than
% destination hosts would.
I disagree that ISPs are inherently more security aware -- some are
and some aren't, just as some end sites are more security aware
than others.
Under IETF rules, any IETF standard needs to be robust from a
security perspective -- whether that involves changes one place
or another.
So I'd rate that as an important evaluation topic, but not
inherently advantageous either way.
% - The business model is difficult, because end system stack providers
% would not see an immediate benefit from implementing and pushing the
% changes.
The business model might or might not be difficult, because whether
OS implementers would see an immediate benefit (or a sufficient
benefit which is the real question, IMHO) will vary with the details
of the specific proposal.
So again, I'd rate that as an important topic, but not
inherently advantageous either way.
Both of those said, I do still think it likely that I missed some +/-
items somewhere. In any event, it is good that you raised
those issues so folks can mull them over. :-)
One of the other things for folks to consider is that with router changes
there actually are more than 2 router vendors who implement BGP and
also have non-trivial deployment. So having an implementation from
one (or two) router vendors, but not more, is a potential deployment
issue for a router-only approach.
I'm open minded about all of this. My main goal is to try
to encourage a full evaluation of all of the alternatives,
rather than any form of premature decision.
Cheers,
Ran
rja@extremenetworks.com
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg