lee at asgard.org
Sun Feb 6 08:16:35 CST 2011
> The end-to-end model is about "If my packet is permitted by policy and delivered to the remote host, I expect it to arrive as sent, without unexpected
Well, it's about communications integrity being the responsibility of the
is therefore expected that the network not mess with the communication.
> Nobody wants to get rid of firewalls.
Several people want to get rid of firewalls. Consistent with the end-to-end
principle, hosts should provide their own policy enforcement. See expired
Unfortunately, the approach described doesn't work in state-of-the-art
CPE, and relies heavily on endpoint security protection, which is weak in
> We want to get rid of NAT. Firewalls work great without NAT and by having firewalls without NAT, we gain back the end-to-end model while preserving the ability to enforce policy on end-to-end connectivity.
I would rather see hosts protect themselves from badness, and network
appliances be limited to protecting against network threats (a DDOS is a
threat; a service DOS is an application threat).
> > NAT doesn't destroy end-to-end. It just makes it slightly more difficult. But no more difficult than turning on a firewall does.
> > It doesn't break anything that isn't trying to "announce" itself - and imo, applications that want to "announce" themselves seem like a pretty big security hole.
Service discovery is an Internet weakness.
> NAT does destroy end-to-end. Firewalls do not.
Firewalls merely constrict it. Not that I advocate against the use of
in fact, I think I'm agreeing with you, and extending the argument a little
that we should move from NAT to firewalls, then from stateful firewalls to
secure hosts and network security appliances.