[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IXP
> Date: Sat, 18 Apr 2009 13:17:11 -0400
> From: "Steven M. Bellovin" <smb at cs.columbia.edu>
>
> On Sat, 18 Apr 2009 16:58:24 +0000
> bmanning at vacation.karoshi.com wrote:
>
> > i make the claim that simple, clean design and execution is
> > best. even the security goofs will agree.
>
> "Even"? *Especially* -- or they're not competent at doing security.
wouldn't a security person also know about
http://en.wikipedia.org/wiki/ARP_spoofing
and know that many colo facilities now use one customer per vlan due
to this concern? (i remember florian weimer being surprised that we
didn't have such a policy on the ISC guest network.)
if we maximize for simplicity we get a DELNI. oops that's not fast
enough we need a switch not a hub and it has to go 10Gbit/sec/port.
looks like we traded away some simplicity in order to reach our goals.
- Follow-Ups:
- IXP
- From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- IXP
- From: jbates at brightok.net (Jack Bates)
- IXP
- From: dlc at lampinc.com (Dale Carstensen)
- IXP
- From: smb at cs.columbia.edu (Steven M. Bellovin)
- IXP
- From: rdobbins at cisco.com (Roland Dobbins)
- IXP
- From: sean at donelan.com (Sean Donelan)
- References:
- IXP
- From: deepak at ai.net (Deepak Jain)
- IXP
- From: stuart at tech.org (Stephen Stuart)
- IXP
- From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- IXP
- From: vixie at isc.org (Paul Vixie)
- IXP
- From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- IXP
- From: smb at cs.columbia.edu (Steven M. Bellovin)
- Prev by Date:
IXP
- Next by Date:
IXP
- Previous by thread:
IXP
- Next by thread:
IXP
- Index(es):