=?gb2312?q?Jing=20Shen?= jshen_cad at yahoo.com.cn
Wed Jul 2 01:57:22 PDT 2003

why do you think this asks IPSEC traffic to expose its content to others? 
What interests me in this news is: how could e2e priciple account for increasing demands from goverment( or enterprise) to set up checkpoint across network while mainteining high performance?  
Is that easy  to maintein flexibility, scalability and the "freedom" while providing what government asks?

"David P. Reed" <dpreed at reed.com> wrote:
One more brick in the wall, the news story below tells us that major vendors continue to create damage to be routed around.

One could have hoped that in creating the IPv6 stacks of end systems, vendor OS stacks and apps would be properly authenticated using IPSEC, thus eliminating the need for (and ability to implement) firewalls that must read payload content as if they knew what it meant.

But alas, and to my great sadness, that was not to be.   Instead Cisco adopts the maze of twisty little passages approach, and continues to encourage balkanization of the Internet.   I presume that these firewalls will demand that IPSEC traffic expose its content before being allowed passage so instead of being more secure, the traffic gets less secure.

By 2006, I suspect there will be no "Inter" net to speak of.  Only a collection of nets that cannot send data to each other.

Posted June 27, 2003 4:44 PM Pacific Time



Attacking one of the key problems early adopters have had

with IPv6 (Internet Protocol Version 6), Cisco plans to

beef up security, adding support for stateful packet

filtering of IPv6 traffic to its software and hardware

firewall products in the first half of next year.


The dominant maker of Internet routers, also a major vendor

of firewalls, provided that statement of direction at the

North American IPv6 Global Summit, held this week in San

Diego. Cisco demonstrated the filtering capability in its

IOS (Internetwork Operating System) firewall at the

conference, said Patrick Grossetete, Cisco IOS IPv6 product manager, in an interview from the conference.


For the full story: http://www.infoworld.com/article/03/06/27/HNfirewallscisco_1.html


Jing Shen

State Key Lab of CAD&CG
ZheJiang University(YuQuan)
HangZhou, ZheJiang Province 310027

Do You Yahoo!?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.postel.org/pipermail/end2end-interest/attachments/20030702/44ec21d8/attachment.html

More information about the end2end-interest mailing list