Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
Hi James,
On Mon, 24 Aug 2009 11:59:21 -0700
james woodyatt <jhw@apple.com> wrote:
> On Aug 24, 2009, at 11:33, Mark Baugher wrote:
>
> > The node that accepts the IKE phase 1 presumably has some acl or
> > credential requirement to control access - or could have. I thought
> > that this was the idea behind the original recommendation.
>
> I'm always getting confused about whether we're presuming that the
> interior node is well secured or that the interior node has some
> hypothetical vulnerability that can be remotely exploited to obtain
> access to the rest of the interior network. I'm often making the
> wrong assumption in the wrong context, and I suspect I just don't have
> sufficient network security expertise to know which assumption to make
> in what scenario.
>
I'm assuming a well secured interior node. When exploits are
discovered in good VoIP handset vendors' devices, and they fix them,
rather than saying "these devices shouldn't be plugged into the
Internet", then I think any device / OS, from a good vendor, which has
the more common possibility of being plugged into the Internet than a
VoIP handset, can also be assumed to be well secured by default (if
the end user switches it off, that's their problem). I think vendors are
going to have to accept that once they give a device the possibility of
being connected to the Internet, there'll be somebody who will (and
possibly lots of people, if a different but related use emerges). The
only safe choice for a vendor is secured by default.
> Hence, my tendency to defer to the people with more credible claims to
> such expertise. Let them take the heat for mistakes of that
> category. That's what they get paid to do.
>
>
> --
> james woodyatt <jhw@apple.com>
> member of technical staff, communications engineering
>
>
>