Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Filtering can always be done, that is the right of the network
administrator doing the filtering. That some users won't like it is
indeed an issue, but that is political and not technical.

Thinking of this as a "right" is the wrong way to think about it. A more relevant question is whether this works well. There are a number of problems associated with interception proxies, many related to a lack of accountability and transparency, others related to compromises in end-to-end security.

I also disagree that the network admen inherently has a right to interfere in arbitrary ways with communications between parties using his network- there are cases where this "right" may exist but it is because of some other role of the network operator - not merely because he is operating a network. Does a postal or courier service have the "right" to open, alter, and reseal paper messages? Does a telephone company have the "right" to alter conversations? The job of the network is to carry messages transparently; and applications need to be able to assume that the network is behaving in a simple, predictable, and reasonably uniform manner independent of the locations of the hosts that are participating.

Host and application security are not the job of the network. At best, the network can cooperate with hosts and applications to enhance the security that the hosts and applications already provide. But when the network tries to provide security independently of host and application policy, the result is usually degraded interoperability and rarely good security.

Keith

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]