> From: Patrick Frejborg <[email protected]>
> It would be wonderful if the firewall rules were based only on the
> identifiers ... Then the enterprise could change the locator values
> without needing to worry about their partner connections, and much
> less cost would be caused by topology changes.
This has been pointed out before, in the context of renumbering - it's
'relatively' (in the sense of 'easier than other things' - I know it's
still non-trivial) easy to change local configuration information, but
information that _other_ places have stored about you is much harder.
> I'm afraid that the security part in ILNP is too weak to convince
> the security architects that you could build your security rules
> only on identifier information ... I could be wrong about this...
This is the exact same 'argument' that was raised against 8+8. It was
incorrect then (Steve Bellovin, if memory serves, prepared a succinct
analysis of why that line of reasoning was incorrect), and it's still
incorrect now.
It's relatively easy to design a system which has at least as much
security as the faux security that the 'address-based authentication' of
the current system (even with DNSSec) has.
Noel
_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg