On 5 Aug 2015, at 12:37, Ca By wrote:

> Constantly re-evaluated is not scalable.

It is in fact scalable, given network infrastructure with sufficient instrumentation capabilities/capacity and sufficient telemetry collection/analysis. Many organizations do this today.

Not everyone has those things, however. They should, and eventually most will, but it takes time.

The other factor is the reliable automation of policy construction and deployment based on said analysis. Besides the usual gaps and hurdles (standardization of mechanisms still in its relative infancy, lack of skills/resources in many organizations to perform systems integration, et al.), there is a potential for cascading, feedback loops, and other undesirable forms of oscillation.

> I am open to more discussion here. I do not want to be ambiguous.

Many folks here might generally agree that we don't want to see tons more UDP dumped into the cesspit (QUIC and WebRTC come to mind, as Dan Wing notes) in the current situation, but flatly stating 'no more new UDP, ever' may have difficulty in the necessary consensus in the broader arena.

That being said, QUIC and WebRTC in particular are significantly problematic on the operational side of things due to many aspects of this general problem-set. Some middle ground between 'no new UDP, ever' and 'let's switch all Web traffic over to UDP, because it'd be cool' ought to be possible, no?

-----------------------------------
Roland Dobbins <[email protected]>

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
