Phil,
> layered defenses are a good notion, but mostly when the layers are
> under the same administrative control. all too often people forget
> that relying on the security provided by someone else is a risky
> proposition, as in your example of ISPs providing ingress filtering.
I would restate your assertion:
It is a bad idea to rely on another party that cannot be held
accountable to you.
We all rely on other parties; the Internet is an example of extended
interdependency. The critical issue is accountability.
So in the question of ingress filtering what I am looking at is
mechanisms to create accountability.
the Internet is composed of Autonomous Systems, and they take the
first word of the name very seriously. I suspect ISP accountability
in China, for example, may be as successful as copyright enforcement
in that region.
> If it weren't a good analogy I don't think I would have received so
> many private responses congratulating me for it :-)
This forum is very much wedded to a security architecture based on a
particular set of academic theories. It is no surprise that you find
support here, any more than the original pontifex maximus would no doubt
receive congratulations on his correct determination of the auspices from
the entrails of a goat.
I'm more a fan of goat cheese than entrails, but to each his own.
Maybe we would all be happier if you decided to not waste your time
arguing with the folks in "this forum," since we are so out of touch
and irrelevant to the future of network security, at least as defined
by the practitioners who appear to emphasize the appearance of
security over security per se.
Steve