At 8:50 PM -0500 11/16/11, Russ White wrote:
>> Security compares what the state currently looks like to what the state
should look like.
the problem is how does one know what the state of the system 'should'
look like?
My understanding has always been that the point of any security system
is provide a secure and verifiable indication of what the system should
look like in order to compare current events against that standard.
The usual characterization of a secruity system is a set of mechanisms that
are intended to enforce a secruity policy. Only if the policy
articulates what the system "should look like" would your definition
be congruent.
Most security policies focus on aspects of system operation that are
perceived as "secruity critical." The WG charter articulates a
security policy, focusing on origin validation and path authenticity.
These aspects of routing security are visible and this avoid the more
problematic question of what the system "should look like."
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
