Sean Doran writes:
> | On the other hand, it's clearly inappropriate to trust a random
> | router on the Internet, even if it claims it has to have such
> | access to better transmit your packets.
>
> No; it _may_ be inappropriate to trust such routers.
> There _may_ be some set of traffic that even paranoid
> people would not feel the need to protect, if that lack
> of protection would lead to better performance.

That sort of traffic, though, isn't generally considered a candidate for IPSec protection, so it doesn't count. The real question is not "are there kinds of traffic that people might not want to protect end to end", but rather, "are there kinds of traffic that people do want to protect end to end". Given that the answer to the last is "yes", there is (at least sometimes, one must grant) a need for protocols like IPSec that protect end to end.

I would argue that in fact one wants such protection a large fraction of the time, but that doesn't matter from the point of view of whether we want to standardize this, any more than the fact that one often doesn't want end to end reliable transmission (i.e. UDP) means that one shouldn't have a protocol to permit end to end reliable transmission (i.e. TCP).

Perry

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.