Firewall Wizards mailing list archives
Re: Rant (Was Re: Our friend FTP, again)
From: David LeBlanc <dleblanc () mindspring com>
Date: Mon, 19 Apr 1999 07:45:49 -0700
At 10:02 AM 4/19/99 -0400, Ge' Weijers wrote:
> On Sun, Apr 18, 1999 at 08:37:41AM -0700, David LeBlanc wrote:
>> Possibly. I also think that IPSec will solve a lot of problems once it is widespread.
>
> IPSEC is an afterthought, and a substitute for good protocol design. And it requires a lot of infrastructure to be effective (secure DNS or PKI). One of the problems I have with it is that you lose anonymity. If you just want to download a publicly available file you should not have to prove your identity. You _do_ want to make sure that the file comes from the server you requested it from in the first place.

Then according to what Robert Graham wrote (which I agree with), IPSec should have great success. It may not be elegant, but it is a good incremental improvement. We'll need secure DNS and PKI to do too many other things, so I don't see that as a huge stumbling block. Also, why should we depend on every app to institute properly done privacy and integrity? Why shouldn't this be done at a lower level? I think IPSec does it in the right place, and has the advantage of suddenly making so many older (but widely used) protocols reasonably secure. If all you want is a publicly available file, then you aren't worried about security, and can just use IPinSec <g>, just like you do now. I also think we're going to lose much of the anonymity we currently have as we move forward. As with most things, this will be both good and bad. I'll leave that argument to another thread.

> Initially we'll probably be running IPSEC between security gateways, not from endpoint to endpoint. I wonder how much we'll be gaining this way, because these gateways will have to be as clever as current firewalls about which connections to let through.

That's a great initial start - I suspect it will probably take 2-3 years to get into very widespread use.

David LeBlanc
dleblanc () mindspring com