> Saltzer, Reed and Clark's paper "End-to-end Arguments in > System Design" points out the exceptions: <http://mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf> (starting at the heading "Performance aspects"). And if Tom bothers to actually read the only two paragraphs in the paper on security he will discover that it makes exactly the same point that I made. End to end encryption is only one approach and it does not address all security requirments, it is complimentary to other security approaches. There does not appear to be an true cannonical exposition of end-to-end security. The real end-to-end argument is an argument about the optimal placement of complexity. If you look at the arguments in the paper and accept that maybe the Internet has changed significantly in the past quarter century you will find that the same arguments and premises now lead to very different conclusions in some (but not all) cases. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf