RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

> >  Most people think that carriers
> >should not be allowing people to inject bogons.
> >
> >Modern security architectures do not rely exclusively on application 
> >security. If you want to connect up to a state of the art corporate 
> >network the machine has to authenticate.
> 
> the notion that one has to "log into the net" is a quaint one, 
> perhaps inspired by Windows and the registry. as a mac user, I can't 
> relate to this notion, nor can most Unix users, I bet.

Boy, are you in for a shock when you try to connect to an Ethernet with
802.1x.

Authentication is being built into the NIC cards. At some point in the
future it will not be possible for any device to connect to an Intranet
without first authenticating itself.

And it will all have to be 100% transparent to the user.

> if folks rely on such distributed enforcement, they will get 
> what they deserve.

You are behind the times; single-point-of-failure approaches to security
are out.

What people are looking to do is to contain attacks from within their
networks. Most large companies now have networks that are large enough
for what is inside the firewall to be at least as worrying as what is
outside.

> why not just propose rigorous enforcement of setting the evil bit by 
> all network attachment devices, etc?

Sarcasm is not a particularly useful mode of debate, particularly when
you are defending a dogma that has little practical success to recommend
it.

