nanog mailing list archives
Re: For want of a single ethernet card, an airport was lost ...
From: Steve Gibbard <scg () gibbard org>
Date: Tue, 21 Aug 2007 11:43:41 -0700 (PDT)
On Tue, 21 Aug 2007, Zach White wrote:
> At some point our networks have to remain useful. If they can be shut down for hours or days at a time are they really secure?
The first question to ask in designing something is what you're trying to accomplish.
This is a mailing list of network operators, meaning that most of us are in the business of forwarding packets, or otherwise seeing that packets get forwarded. It matters very little what those packets are, as long as they get where they're supposed to go. If our networks stop forwarding packets, we've got a problem.
Compare that to somebody designing a bank vault. They've still got to be able to get things in and out, but their most important priority is that stuff that's supposed to stay in the vault stays in the vault. If somebody legitimate can't get the vault open that's annoying, but it's nowhere near the level of problem they'd have if the vault turned out to be openable by somebody who wasn't supposed to open it.
The question for the designers of immigration systems, then, is whether they're designing something like the Internet, intended to forward people through efficiently, or something like a bank vault, intended to keep people out. If the former, they'd presumably want to default to being open in the event of a failure. If the latter, they'd want to default to being closed in the event of a failure. If their goals are somewhere in the middle, it becomes a matter of weighing the costs of the two failure modes and deciding which one will do less damage. But at that point, it becomes a political question, not an engineering question and certainly not a network operations question, so it's beyond the scope of the NANOG list.
-Steve