What do people here on firewalls think of the technology coming down
the pipe in the form of the work of the IETF IP security group?
How will actually being able to authenticate the machine you're talking
with (at an IP level) affect organizations wanting to erect firewalls?
What if a firewall becomes something of the form:
Non-secure IP not welcome here.

I'm all in favor of their work. And no matter how successful it is,
we're not tearing down our firewall.

At the Oakland conference two weeks ago, Phil Karn and I had a panel
session debate on firewalls. My points (relative to this matter) are
(a) old machines hang around for a long time, and (b) you can have the
best-authenticated in the world, protected by a cryptosystem NSA,
the KGB, GCHQ, and the Mossad together couldn't break -- and it won't
do you a bit of good if the software at your end is buggy. (Pick
your favorite -- AIX login, sendmail, uucp, portmapper, etc.)

Secure IP will make things like secure tunnels and traveling telnet
much nicer, though. And it will provide real authentication for
things like rlogin, NFS, etc.