
RE: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]



Thanks Fred, we are in synch. Thanks for clearing me up. I get it now.
/jim 

> -----Original Message-----
> From: Fred Baker [mailto:fred@cisco.com] 
> Sent: Thursday, May 26, 2005 4:06 AM
> To: Bound, Jim
> Cc: John Spence, CCSI, CCNA, CISSP; v6ops@ops.ietf.org; Mark 
> Smith; Gunter Van de Velde (gvandeve)
> Subject: Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]
> 
> On May 25, 2005, at 1:33 PM, Bound, Jim wrote:
> > I believe end-to-end security will be the norm in the future and
> > believe it to be a requirement for true end-to-end trust model. But, I
> > do believe the network must remain secure too.
> 
> Yes and yes. The end system has to ensure that it is robust to attacks.
> The network needs to be able to prevent unauthorized use of its
> resources. The network can also help with various kinds of attacks -
> DDoS being an obvious example, but ping sweeps and other things being
> also detectable and mitigable in the network. So using the network to
> detect and deal with things that an end system misses is reasonable.
> 
> Please don't understand what I said to mean that I don't believe in an
> end-to-end trust model. What I said was that I didn't think that it was
> the only thing that would be implemented. I very much believe that
> there will be prophylactic services in the network for the foreseeable
> future, because there exist good network-related reasons for that to be
> true.
>