[rrg] [BEHAVE] Can we have on NAT66 discussion?
Iljitsch van Beijnum
iljitsch at muada.com
Sat Nov 15 13:04:03 PST 2008
On 14 nov 2008, at 17:49, Hallam-Baker, Phillip wrote:
> BGP is not a secure protocol.
Not disagreeing, but what makes for a secure protocol?
> So why do you think it is appropriate for end user applications to
> make assumptions about end entity identity on the basis of source IP
> address?
I don't. But then again I don't believe in firewalls so it doesn't
cost me anything to forego this assumption. But if all you have is a
hammer and a nail comes along, you start hammering without asking too
many questions. (I.e., addresses are there so if you have a firewall
the natural thing is to filter based on them, even though it's
problematic.)
> If you take a look at DKIM you will see that the approach there is
> to independently authenticate the hops.
That didn't make sense in S-BGP so without being aware of the details
of DKIM I'm going to assume it doesn't make sense there either.
More information about the rrg
mailing list