Re: Fwd: Simple Security - Layered Filtering should be in the document

[Joel Jaeggli <joelja@bogus.com>]

Pekka Savola wrote:
> On Tue, 28 Jul 2009, Gregory M. Lebovitz wrote:
>>> James,
>>> Layered filtering should be included in the document. It is an OPTION
>>> that people really need in an environment where the use of tunneling
>>> is growing rapidly. I would appreciate it if others who agree would
>>> ack this email to the list.
> 
> Could you provide a list of, say, 5 CPE equipments from various vendors
> in sub-100$ price range that currently provide this feature (with v4)?
> That might go a long way in convincing those unbelievers in the WG such
> as myself that this is a common and important feature in this context?

Speaking from the enterprise operations perspective the reliance on port
443 ssl as a generic tunneling mechanism (think ssl vpn) greatly reduces
the utility of layered filtering. To the extent that you succeed in
getting people to put strong crypto on the wrapper the payload becomes
opaque.