Re: Why?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What we need is an architecture for multilayered defense that allows centralized policy specification (which is merged with host policy) and which is application-aware.

You mean like midcom?

no. for the most part, apps shoudn't have to be aware of the existence of middleboxes, and there shouldn't be an either/or decision about trustworthiness of the app. (you might make an exception for certain kinds of explicit proxies.) rather the middleboxes and apps should all be made aware of the network's policy and all expected to enforce it at a level which is consistent with their function. there should be strict limits as to the degree to which a middlebox can interfere with e2e traffic. other components, e.g. intrusion detection should also be made aware of the policy so that they can detect when it is violated and raise appropriate alarms.



_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]