Thread-topic: Why Scopes? (was: Re: [saad] About saad)
> Erik Nordmark
> Having a conceptual model with 3 top-level classes defined in the
> firewall
> 1. no communication through the firewall
> 2. outbound only
> 3. open
> is simple enough to prevent unintended side-effects of other
> filters.
Even if we could force firewall vendors to do this (which we can't), it's
not flexible enough. A significant part of access control is performed
by regular routers, and there we can't pre-define which interface belongs
to which class; it's all configuration that unfortunately can be
SNAFUed.
Michel.