> > Most people think that carriers
> > should not be allowing people to inject bogons.
> >
> > Modern security architectures do not rely exclusively on application
> > security. If you want to connect up to a state of the art corporate
> > network the machine has to authenticate.
>
> the notion that one has to "log into the net" is a quaint one,
> perhaps inspired by Windows and the registry. as a mac user, I can't
> relate to this notion, nor can most Unix users, I bet.

Boy, are you in for a shock when you try to connect to an ethernet with 802.1x. Authentication is being built into the NIC cards. At some point in the future it will not be possible for any device to connect to an Intranet without first authenticating itself. And it will all have to be 100% transparent to the user.

> if folks rely on such distributed enforcement, they will get
> what they deserve.

You are behind the times; single-point-of-failure approaches to security are out. What people are looking to do is to contain attacks from within their networks. Most large companies now have networks that are large enough for what is inside the firewall to be at least as worrying as what is outside.

> why not just propose rigorous enforcement of setting the evil bit by
> all network attachment devices, etc?

Sarcasm is not a particularly useful mode of debate, particularly when you are defending a dogma that has little practical success to recommend it.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf