Firewall Wizards mailing list archives

RE: A fun smackdown...


From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Fri, 20 May 2005 22:23:26 -0700

> Another perfect example of a bunch of egg-heads in the IETF
> coming up with a mechanism for doing something that
> completely ignored existing implementations of security
> systems - and breaks as a result. The PMTU discovery
> mechanism, using ICMP, was moronic design from the get-go.

You're absolutely right, Marcus.  But gosh!  We are more curmudgeonly
than usual.

You remember as well as anyone here, how very different the 'climate'
around purposes and uses of ARPA network technologies was.

Culture is as important as technology in the development of truly large
scale networks.  The culture that produced the Internet valued
communication as a higher priority than security.  We can debate if this
was a realistic set of values, but we can't fault it entirely.  

If the Internet had been formed in a security culture, there would be no
popular Internet as we have known it from the mid-nineties onward.  You
_may_ regard that as a good thing. ;-)

Cultures change less readily than technologies.  It isn't realistic to
hold the participants of the RFC process to a cultural standard other
than that which produced the Internet to begin with.  In the
OSI-befuddled reasoning of the Internet age, it is one cultural
signifier that the burden of security is moved to another layer in the
stack than the one on which you are myopically focused.

It _is_ true, that the culture did not correctly anticipate and adapt to
circumstance, that it was flawed and was badly adapted to other
circumstances than the University-oriented worlds which spawned it.
Iroquois culture didn't do too well when thrust into the age of
gunpowder and private real property, either.

So, add a Morris Worm and a Cuckoo's Egg (and a DEC firewall!) to the
soup...  We know how we got here.  We can get out of the mess with good
practice.  Without that, no amount of good technology can save us - a
point you have made yourself, many times.

--
Jeremiah Cornelius 

