[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: a drop/bypass action negotiation issue
Charles,
:
:You have raised an interesting point. I have been thinking about the
:drop and bypass functions as mechanisms used by the security
:administrator to specify policy. From that perspective, I would not
:want any one else to be able to _negotiate_ any changes to the local
:policy. However, if the local policy is to permit some trusted
:parties to poke holes in the firewall, then I can see your view.
:However, it could still be argued that the local policy is not being
:negotiated, only the use of a different preexisting policy entry.
:
:IPSecond seems like the right place to explore the requirements.
:
:Charlie
The policy is whatever that protects your system (resources).
The question is whenever you surf the net do you really want
such protection at the cost of _access_ to information?
IMO, very few systems (or people) can dictate the policy,
others just have a choice either accept it or loose the chance
to conduct business.
Sorry for the reply-delay.
regards,
--Alexei