[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CAPWAP BOF follow up: nmrg - CAPWAP

To: Randy Bush <randy@psg.com>
Subject: Re: CAPWAP BOF follow up: nmrg - CAPWAP
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 28 Jul 2003 14:40:42 -0400
Cc: "Bernard Aboba" <bernard_aboba@hotmail.com>, iesg@ietf.org

In message <E19grvf-0009RZ-Vw@ran.psg.com>, Randy Bush writes:
>> The bottom line was that the WG did not care about security, and
>> therefore treated the required security measures (e.g. Diameter
>> CMS) necessary to make proxies safe largely as measures designed
>> to satisfy the IESG, rather than a real cost.  Once forced to
>> either take the security requirements imposed by proxies
>> seriously or abandon proxies, the WG chose to abandon proxies.
>> However, that was 3+ years and many hundreds of man years later
>> -- and the protocol had gained huge amounts of (largely
>> unnecessary) complexity in the process.
>
>so, our culture now accepts security procedural stone walls, but
>not architectural ones only one step removed?  in the anti-proxy
>arguments, we did make it quite clear that security would be the
>killer.

That's why I'm pushing for an early security architecture review in 
many cases.  But I think that that will annoy the usual suspects even 
more.


		--Steve Bellovin, http://www.research.att.com/~smb

Prev by Date: RE: What do we want to achieve from reorganizing our functions?
Next by Date: Re: What do we want to achieve from reorganizing our functions?
Previous by thread: Re: CAPWAP BOF follow up: nmrg - CAPWAP
Next by thread: Re: CAPWAP BOF follow up: nmrg - CAPWAP
Index(es):
- Date
- Thread