[9486] in cryptography@c2.net mail archive
Re: New encryption technology closes WLAN security loopholes
daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Sep 25 12:14:37 2001
To: ji@research.att.com
Cc: cryptography@wasabisystems.com
From: Derek Atkins <warlord@MIT.EDU>
Date: 25 Sep 2001 10:53:04 -0400
In-Reply-To: ji@research.att.com's message of "Mon, 24 Sep 2001 18:44:18 -0400 (EDT)"
Message-ID: <sjmofnzgw4v.fsf@rcn.ihtfp.org>
Heh.
I've been arguing for YEARS that classic firewalls, as they have been
used for even more years, have been a disservice to network security.
You know, the whole "hard, crunchy exterior with soft, chewy interior"
sort of thing. Instead if we had ubiquitous multi-level secure
services (using IPsec, SSL, SSH, PGP, Kerberos, etc.) it would be a
much better world.
-derek
ji@research.att.com writes:
> > Or in other words, the first requirement for perimeter security is a perimeter.
>
> In increasingly many environments, the term "perimeter" makes little sense.
> See, for example, the CCS-2000 paper on Distributed Firewalls by Sotiris
> Ioannidis et al. You can get it (among other places) from
> http://www.research.att.com/~smb/papers/ccs-df.pdf
>
> /ji
>
> (for the curious, the Ioannidis on that paper is my brother, not I).
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
