Re: TLS on disconnected/intermittently connected networks


 



>>>>> "Keith" == Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> writes:

    Keith> I've written code for a variety of environments like these
    Keith> for the last 13 years or so: gas pipeline monitoring,
    Keith> broadcast television operations, traffic signal
    Keith> monitoring/control, factory monitoring/automation, avionics,
    Keith> cryogenic dewar monitoring for various kinds of environments,
    Keith> and some others that don't come to mind immediately. For
    Keith> the environments I've worked with, any of that kind of stuff
    Keith> would be a non-starter. DNS is rightly seen as yet
    Keith> another reason for things to fail, and factories, gas
    Keith> pipelines, etc. are intolerant of lines being shut down
    Keith> because some IT guy wanted to use a name rather than an IP
    Keith> address. Static IPs work just fine for these situations.  

We're not really in agreement here.
I suspect that was true 20 years ago.
I suspect that was believed to be true 10 years ago, and was possibly
true in important cases.

But over time we've gotten better at providing redundant automated
infrastructure for things like naming etc.

I think we've reached a point now where the advantages of having naming
outweigh the disadvantages.

If for some reason that's still not true, the same infrastructure
advances that make it plausible to provide infrastructure like naming in
these environments also give you the mechanisms to go distribute a hosts
file everywhere or to issue certs with an IP SAN if that's really how you
want to go.
I don't think there's much point in the two of us talking past this
point: we are both appealing to our experience and the set of situations
we've studied and we have reached conflicting conclusions.
We've given our input; it's now time for others to chime in.

    Keith>     Keith> External connections are also regarded as security
    Keith>     Keith> threats

I'm disappointed to see you bringing a red herring like this into the
conversation.
We were both explicitly talking about disconnected/intermittently
connected networks.
Appealing to external connections would clearly not be the answer there.




