[e2e] About the primitives and their value
Joe Touch
touch at ISI.EDU
Wed Aug 9 10:09:04 PDT 2006
bmanning at vacation.karoshi.com wrote:
>> Joe Touch wrote:
>>> Pekka Nikander wrote:
>>> The trick is to move the problem as close to the potential attacker as
>>> possible.
>> 2) diversify the weakness and make it a strength (SOS, our own "Agile
>> Tunnel Protocol" system and DynaBone, etc.)
>>
>> ...
>>> The problem lies in how to distribute the "firewall information" within
>>> the network so that the firewall closest to the attack source can and
>>> will both intelligently enough filter out all or at least most of the
>>> unwanted traffic and pass all wanted traffic.
>> That assumes trusted relationships with basically everyone EXCEPT those
>> who are attacking you. I don't think that's a defensible position
>> (either in rhetoric or in operation in the network).
>>
> what was the best stratagy for winning "Life" - initally
> trust everyone, once "burned", never trust them again?
That's the paradox. If you never open up again, you're not running an
internetwork; you're running a closed system. But opening up again makes
attacks possible.
The only balance is to accept the fact that (as I stated in my PFIR
'bill') communication is an agreement among consenting parties, and that
- in the Internet - 'consenting' is determined by a packet exchange.
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://mailman.postel.org/pipermail/end2end-interest/attachments/20060809/a56453df/signature.bin
More information about the end2end-interest
mailing list