Andrew,

On 22-May-23 23:28, Andrew Campling wrote:
> On 21-May-23 10:29 PM, Brian E Carpenter wrote:
>
>> And there's the problem. The operator of a large network cannot possibly
>> know which extension headers every host on the network needs. It's called
>> permissionless innovation, and is supposed to be one of the main success
>> factors for the Internet.
>
> I think the problem with this approach, which I'm interpreting as "allow
> everything", is that people responsible for the security of public, and especially
> private, networks need to consider whether any such innovations might introduce new
> vulnerabilities. Remember that, for example, CISOs looking after the security of some
> enterprises may fall foul of regulatory obligations if they cannot show that their
> networks are as secure as is practical.

Sure. So it's our job to document the best way to secure networks...

> More generally, anyone operating zero trust principles would surely only allow
> those features that they deem necessary, selected extension headers in this
> case. This would seem consistent with the point that Fernando made earlier in
> the thread.

That depends where you choose to apply the zero trust model. As Steve Bellovin
argued many years ago in his distributed firewalls paper, distributing the
trust model to the end systems is best, because you no longer have to trust any
intermediate systems.

https://www.cs.columbia.edu/~smb/papers/distfw.pdf

  Brian

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec