[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]

To: "Bound, Jim" <jim.bound@hp.com>
Subject: Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
From: Fred Baker <fred@cisco.com>
Date: Thu, 26 May 2005 01:05:33 -0700
Cc: "John Spence, CCSI, CCNA, CISSP" <jspence@native6.com>, <v6ops@ops.ietf.org>, "Mark Smith" <ipng@69706e6720323030352d30312d31340a.nosense.org>, "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
Iim-sig: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1117094072.350412"; x:"432200"; a:"rsa-sha1"; b:"nofws:825"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"XbTKyocHNmlaznPm0QfFYvhWfFvgFETUzIeXhBb9olHI2RbS8gvGVdzJX65d+DuQtI7ldPHU" "YRUo2HNdwpe4n7VaciPzMeJQUjXJKmdR4pb/Rx3KuLVtq1ZfrIwDZgcCg50uD0V7T2YGkkT8wd1" "XrwEAiT6bMfvkTevFCXMM1zA="; c:"From: Fred Baker <fred@cisco.com>"; c:"Subject: Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]"; c:"Date: Thu, 26 May 2005 01:05:33 -0700"
Iim-verify: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
In-reply-to: <936A4045C332714F975800409DE092404A11AF@tayexc14.americas.cpqcorp.net>
References: <936A4045C332714F975800409DE092404A11AF@tayexc14.americas.cpqcorp.net>

On May 25, 2005, at 1:33 PM, Bound, Jim wrote:

I believe end-to-end security will be the norm in the future and believe it to be a requirement for true end-to-end trust model. But, I do believe the network must remain secure too.

yes and yes. The end system has to ensure that it is robust to attacks. The network needs to be able to prevent unauthorized use of its resources. The network can also help with various kinds of attacks - ddos being an obvious example, but ping sweeps and other things being also detectable and mitigable in the network. So using the network to detect and deal with things that an end system misses is reasonable.

Please don't understand what I said to mean that I don't believe in an end-to-end trust model. What I said was that I didn't think that it was the only thing that would be implemented. I very much believe that there will be prophylactic services in the network for the foreseeable future, because there exist good network-related reasons for that to be true.

References:
- RE: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
  - From: "Bound, Jim" <jim.bound@hp.com>

Prev by Date: RE: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
Next by Date: Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
Previous by thread: Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
Next by thread: RE: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
Index(es):
- Date
- Thread