On Sun, Aug 26, 2018 at 08:19:41PM -0700, Tom Herbert wrote:
> Toerless,
> 
> I'm not sure what "outsourced into a common network component" means.
> I've done a lot of app and OS development and have NEVER once
> "outsourced" security to the network.

And I worked in a company where, for a good while, SOCKS was a key part
of the security concept. What do two random people's experience data points
help here? ;-)

> OSes and apps need to work
> across all networks, in any possible environment, so having one
> network provide a strict firewall, and in the next one no firewall
> doesn't really help things. Least common denominator for security
> is no firewall, and that's what we assume in host development.

The main question is what architecture we want for firewalls. IMHO I
primarily need one where the firewall operator can be someone else
from whoever operates any type of potentially crappy endpoint
or endpoint app. If there are perfect security endpoint/endpoint apps, that's
fine, but they are not the problem anyhow.

Assuming host development to be security-wise good enough to connect
to the internet without an external firewall is quite risky for most
hosts that are not running the latest Windows/MacOS with good firewall
configs.

> Or perhaps they don't want to make it work since there is no standard
> protocol for hosts to communicate characteristics of traffic with the
> network. I think https://datatracker.ietf.org/doc/draft-herbert-fast/
> could be that.

Subscriber and app-id are probably more important.

Cheers
    Toerless

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
