RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)


 



> layered defenses are a good notion, but mostly when the layers are 
> under the same administrative control. all too often people forget 
> that relying on the security provided by someone else is a risky 
> proposition, as in your example of ISPs providing ingress filtering.

I would restate your assertion:

It is a bad idea to rely on another party that cannot be held
accountable to you.

We all rely on other parties; the Internet is an example of extended
interdependency. The critical issue is accountability.

So in the question of ingress filtering what I am looking at is
mechanisms to create accountability. 


> If it weren't a good analogy I don't think I would have received so 
> many private responses congratulating me for it :-)

This forum is very much wedded to a security architecture based on a
particular set of academic theories. It is no surprise that you find
support here, any more than the original pontifex maximus would no doubt
receive congratulations on his correct determination of the auspices from
the entrails of a goat.

The fact is that in the wider arena of security practitioners the view
you are advancing is a distinctly minority one that holds almost no
support. 

The Internet cannot be secured using an architecture based on
traditional computer security mechanisms that absolutely prevent
prohibited actions in advance. It is not possible to know what they are
in advance.

The approach has to be accountability based.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

