BGP is not a secure protocol. We may work out a way to make BGP somewhat more secure, but most likely to defend against attacks such as flooding and DDoS rather than impersonation of end entities. So why do you think it is appropriate for end user applications to make assumptions about end entity identity on the basis of source IP address? If you take a look at DKIM you will see that the approach there is to independently authenticate the hops.

________________________________
From: Iljitsch van Beijnum [mailto:[EMAIL PROTECTED]
Sent: Fri 11/14/2008 3:57 AM
To: Hallam-Baker, Phillip
Cc: Keith Moore; Behave WG; IETF Discussion; Routing Research Group Mailing List; Eric Klein; Mark Townsley
Subject: Re: [BEHAVE] Can we have on NAT66 discussion?

On 13 nov 2008, at 23:50, Hallam-Baker, Phillip wrote:

> The most successful Internet protocols do not involve connections to
> hosts today. SMTP is a connection to a service and has been for two
> decades.

> In SMTP the IP address does not remain constant end to end and never
> did.

SMTP is also the least secure protocol that is in wide use; hop-by-hop forwarding without authentication of the message itself is a security nightmare. We have the same issue with flooding of random IP packets.
_______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
