Re: ISMS working group and charter problems
Melinda Shore <mshore@cisco.com> Wed, 07 September 2005 11:41 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECyIz-0001LC-TE; Wed, 07 Sep 2005 07:41:29 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECyIx-0001Kh-Er for ietf@megatron.ietf.org; Wed, 07 Sep 2005 07:41:27 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13071 for <ietf@ietf.org>; Wed, 7 Sep 2005 07:41:26 -0400 (EDT)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ECyM6-0002P7-Ow for ietf@ietf.org; Wed, 07 Sep 2005 07:44:44 -0400
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-2.cisco.com with ESMTP; 07 Sep 2005 04:41:16 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j87BfE4u020754; Wed, 7 Sep 2005 04:41:14 -0700 (PDT)
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 7 Sep 2005 04:41:13 -0700
Received: from [10.25.65.180] ([10.25.65.180]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 7 Sep 2005 04:41:13 -0700
Message-ID: <431ED1D7.7020406@cisco.com>
Date: Wed, 07 Sep 2005 07:41:11 -0400
From: Melinda Shore <mshore@cisco.com>
User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
References: <20050906222815.4B7CC3BFD6F@berkshire.machshav.com>
In-Reply-To: <20050906222815.4B7CC3BFD6F@berkshire.machshav.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 07 Sep 2005 11:41:13.0558 (UTC) FILETIME=[0CC9B760:01C5B3A1]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Steven M. Bellovin wrote: > More of his measurements concluded that at least 56% of hosts are > behind a firewall that blocks by default. It should be pointed out here that the problems introduced by NATs are not quite the same as problems introduced by firewalls. While they both impair reachability NATs cause NATted hosts to be unable to determine their own address (or indeed to have an addressable presence at all without initiating contact with another host). In any event I think that it's a mistake to assume that a firewall or NAT can inspect or rewrite the contents of a data stream. I'm not sure that it's a good idea for the IETF to tacitly (or otherwise) discourage encryption or authentication. I'm sort of "meh" on the idea of a mandatory firewall/ NAT/middlebox/filters section in protocol documents. I'm not sure that there's a widespread problem that it would solve. In the case where there is a problem, like this one, sharp eyes tend to catch it early. We have mandatory security sections because securing a particular protocol can be subtle and idiosyncratic because of trust relationships and operating environment, and firewall/NAT problems tend to be pretty much the same from protocol to protocol with hard problems cropping up in a small number of cases. Melinda _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Pekka Savola
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- RE: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Randy Presuhn
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Dave Singer
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Brian E Carpenter
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Firewall considerations (Re: ISMS working group a… Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Melinda Shore
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Margaret Wasserman
- Confusion about ISMS rechartering Sam Hartman
- Re: Confusion about ISMS rechartering Dave Crocker
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Margaret Wasserman
- RE: ISMS working group and charter problems Fleischman, Eric
- Re: ISMS working group and charter problems Spencer Dawkins
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Daniel Senie
- RE: ISMS working group and charter problems Nelson, David
- Re: ISMS working group and charter problems Tom Petch
- Fwd: ISMS working group and charter problems Rich Morin
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Wes Hardaker
- ISMS working group and charter problems Brent Chapman