Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
On May 25, 2005, at 1:33 PM, Bound, Jim wrote:
> I believe end-to-end security will be the norm in the future and
> believe it to be a requirement for a true end-to-end trust model. But, I
> do believe the network must remain secure too.

Yes and yes. The end system has to ensure that it is robust to attacks.
The network needs to be able to prevent unauthorized use of its
resources. The network can also help with various kinds of attacks -
DDoS being an obvious example, but ping sweeps and other things being
also detectable and mitigable in the network. So using the network to
detect and deal with things that an end system misses is reasonable.

Please don't understand what I said to mean that I don't believe in an
end-to-end trust model. What I said was that I didn't think that it was
the only thing that would be implemented. I very much believe that
there will be prophylactic services in the network for the foreseeable
future, because there exist good network-related reasons for that to be
true.