[e2e] New approach to diffserv...

[Melinda Shore]

At 11:34 AM 6/16/02 -0400, David P. Reed wrote:
>And as Jon Crowcroft points out, most of the losses involve internal threats, not external ones.   And the holy corporate firewall does nothing for the internal threats.

Of course, but putting up a firewall is easy, and even if 
corporate IT departments are convinced to start getting their
users to use properly secured applications and even if there's
progress on platform/operating system security, it's very,
very unlikely that the firewalls are going to go away.

It's easy to sit back and call people morons and complain that
they're ruining your beautiful network design.  Getting a handle
on why things have gone astray is a little more difficult and
a little more productive, and proposing alternate architectures
for doing the things that the "morons" want done is a lot more
difficult but a lot more productive.  Unfortunately, the people
who buy equipment and install networks often absolutely do NOT
want end-to-end transparency, and they absolutely DO want devices
retaining application state in the middle of the network.  That's
the model that they understand for protecting their assets, managing
their address spaces, and so on.  What's needed here is a better
model that's more idiomatic to IP.

Melinda