In message <dcc302faa9fe5f4bba4dcad4656937791451334...@prvpexvs03.corp.twcable.com> "Howard, Lee" writes: > > > I do not adhere to "default permit" as a security principle. > > > > Then you also do not care for supporting the e2e principle, and I thought > > I heard people mumble e2w was a good thing at the start of homenet. > > I am in the camp the host should be strong and smart and networks should > > be simple and fast. > > > > Cb > > Let's discuss the end-to-end principle and see how it applies here. > > rfc1958 quotes from [Saltzer]: > "The function in question can completely and > correctly be implemented only with the knowledge and help of the > application standing at the endpoints of the communication system. > Therefore, providing that questioned function as a feature of the > communication system itself is not possible. (Sometimes an incomplete > version of the function provided by the communication system may be > useful as a performance enhancement.") > > In this instance, the "function" could be considered either a) > implementation of a forwarding policy, or b) the application > sending/receiving packets. If (a), then is is being done "with the > knowledge and help of the application," so the principle is intact. > If (b), then the firewall is not attempting to implement that > function, only to forward or not forward packets, and the principle is > intact. > > All of the examples contemplated in rfc1958 and in the original paper > are about adding processing to packet forwarding, such as error > checking, encryption, or deduplication. In this case, the host (or > application) is establishing a security policy, and asking for help > enforcing that policy. > > A general security principle is to drop malicious traffic as close to > the source as possible (rfc3013, rfc3871). > > "the end-to-end argument is not an absolute rule, but rather a > guideline that helps in application and protocol design analysis" > http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf > > > People can argue that the end-to-end principle prohibits use of > stateful firewalls. I believe that properly implemented, where the > host (application) sets the policy and the gateway/firewall makes a > forwarding decision, the principle is upheld. > > Lee
Lee, What people are arguing is a violation of the end-to-end principle is having a provider put in place filters that can't be shut of by the consumer. It would be preferable if the consumer could shut them off completely with at most one support call and then take responsibility themselves or better yet have configuration control over the firewall. If a mechanism is provided to poke pinholes, that may be acceptable to some. PCP may not be acceptable to many, preferring a configuration (persistent) change to the firewall. I for one would rather you shut off any firewall that you provide and leave it to me (and I would find another provider if you couldn't do that). But that is not typical. Curtis _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
