Hi Tony,

You wrote:

> I think you're missing the point: having a firewall filter on ANY field set
> by a correspondent that cannot be strongly authenticated is simply asking
> for trouble.
>
> To date, folks have claimed that the return routability of the address was
> 'enough' security. However, that depends on routing being secure. I hope
> the folks in this group are aware of the reality in that regard.

OK - I understand that you are suggesting that the routers not filter by IP address at all, but by "something else".

If that "Something else" is changeable from time-to-time due to mobility, multihoming service restoration etc. for any one remote host (or whatever entity it is you are selecting with the filter, including perhaps an actual person using any host whatsoever) for which you want to specify the filtering, then I still think the router needs to periodically look up the text you specified in some global mapping system to see what this means "now".

In that case, the text or whatever you use to tell the router how to filter needs to be accompanied by some information on how often to look up the mapping system to convert your specification into whatever it needs to mean to the filtering system right now.

- Robin
