[88239] in North American Network Operators' Group
Re: So -- what did happen to Panix?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Jan 26 01:45:43 2006
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Pekka Savola <pekkas@netcore.fi>
Cc: Valdis.Kletnieks@vt.edu,
"william(at)elan.net" <william@elan.net>, nanog@nanog.org
In-Reply-To: (Your message of "Thu, 26 Jan 2006 08:34:58 +0200.")
<Pine.LNX.4.64.0601260832510.15682@netcore.fi>
Date: Thu, 26 Jan 2006 01:44:51 -0500
Errors-To: owner-nanog@merit.edu
In message <Pine.LNX.4.64.0601260832510.15682@netcore.fi>, Pekka Savola writes:
>On Thu, 26 Jan 2006, Valdis.Kletnieks@vt.edu wrote:
>> In other words - what is the business case for deploying this proposed
>> solution? I may be able to get things deployed at $WORK by arguing that
>> it's The Right Thing To Do, but at most shops an ROI calculation needs
>> to be attached to get movement....
>
>Exactly. If $OTHER_FOLKS don't deploy it, cases like Panix may not
>really be avoided.
>
>I think that's what folks proposing perfect -- but practically
>undeployable -- security solutions are missing.
>
That is, of course, why I asked the question -- I'm trying to
understand the actual failure modes and feasible fixes. I agree that
many of the solutions proposed thus far are hard to deploy; some
colleagues and I are working on variants that we think are deployable.
But we need data first.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
