<inline>

Tom Petch

----- Original Message -----
From: "Iljitsch van Beijnum" <iljitsch@xxxxxxxxx>
To: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
Cc: "IETF General Discussion Mailing List" <ietf@xxxxxxxx>
Sent: Wednesday, July 20, 2005 12:36 AM
Subject: Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

> On 19-jul-2005, at 23:35, Hallam-Baker, Phillip wrote:
>
> >> Host and application security are not the job of the network.
>
> > They are the job of the network interfaces. The gateway between a
> > network and the internetwork should be closely controlled and guarded.
>
> You may want to read up on the end-to-end principle (or argument, if
> you prefer). It's not the "network interface-to-network interface"
> principle.
>
> In other words: if the endpoints in the communication already do
> something, duplicating that same function in the middle as well is
> superfluous and usually harmful.
>

Mmmm so if I am doing error correction in the end hosts, and somewhere along the way is a highly error prone satellite link, then I should let the hosts correct all the satellite-created errors? I don't think that that is the way it is done.

Likewise, if my sensitive data mostly traverses hard to penetrate links (fibre) but just somewhere uses a vulnerable one (wireless), then I just use application level encryption, as opposed to adding link encryption over the wireless link in addition? Again, I think not.

End-to-end is not always best but I am not sure which law of network engineering points out the exceptions. Probably something to do with different levels of entropy along the way.

<snip>