[e2e] IPV6 FIREWALLS

David P. Reed dpreed at reed.com
Wed Jul 2 14:17:20 PDT 2003


At 10:19 AM 7/2/2003 -0400, J. Noel Chiappa wrote:
>The Internet architecture we foisted on the world had a really embryonic
>security architecture - well, actually, I'm being charitable, it didn't
>really even have that much. We didn't really have a clue what people were
>really going to need to do, much less provide any mechanisms that would allow
>them to do that.

For people who weren't around at the time, it's IMPORTANT (at least to me) 
to note that some of us wanted to include a much more thorough, end-to-end 
security architecture in which all data would be encrypted end-to-end, with 
a full authentication infrastructure in place that would allow end systems 
to know who was talking to whom.

This technology was all very well understood at the time.

We had NOTHING to do with its "non-deployment."  We were ORDERED not to do 
such research and innovation in the Internet project, or at least under 
anything funded by ARPA.

The US has continued to pass laws that restrict end-to-end security since 
then, such as CALEA.

No wonder we have firewalls whose security benefits are questionable at 
best, but which prevent many useful communications very effectively.

The actual systemic corporate security achieved by firewalls is little 
better than depending on WEP alone.


>So it's no surprise that, not having given them any screwdrivers, they looked
>around and picked up whatever hammers they could find, and started applying
>them...

Exactly so.   A network shattered by a hammer is quite secure, because it 
carries no bits.




