> Host and application security are not the job of the network. They are the job of the network interfaces. The gateway between a network and the internetwork should be closely controlled and guarded. Nobody is really proposing embedding security into the Internet backbone (at least not yet). But the backbone has always had controls enforced such as ingress and egress filtering. Most people think that carriers should not be allowing people to inject bogons. Modern security architectures do not rely exclusively on application security. If you want to connect up to a state of the art corporate network the machine has to authenticate. In the future every hub, every router, every NIC will be performing policy enforcement. De-perimeterization is not really about removing the firewalls, it is really about making every part of the *network* into a security control point. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf