[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC requirements

To: ipsec@ans.net
Subject: Re: IPSEC requirements
From: "William Allen Simpson" <bill.simpson@um.cc.umich.edu>
Date: Thu, 1 Sep 94 18:45:53 GMT
Reply-To: bsimpson@morningstar.com

> From: Marcus J Ranum <mjr@tis.com>
> >If we could only get authentication widely deployed, we won't need
> >firewalls anymore.
>
> 	Unfortunately, this is dead wrong.
>
No, _your_ argument is dead wrong.  "Hackers posting" means they can get
into your secure machine.  If you are using IP Security, you might as
well be running a secure machine.  If it's not secure, a firewall won't
save you.

The trust boundary is the trusted machine.

I don't care about unsecure machines.  Let them die.

Since "trusting" IP Addresses requires "trusting" somebody else's
routing fabric, firewalls don't protect against anything but
maliciousness.

Bill.Simpson@um.cc.umich.edu

Prev by Date: OSE Implementors Workshop Sec-Sig: Draft Minutes
Next by Date: CBCC
Prev by thread: OSE Implementors Workshop Sec-Sig: Draft Minutes
Next by thread: Re: IPSEC requirements
Index(es):
- Main
- Thread