On Wed, 18 Sep 2002, Iljitsch van Beijnum wrote:
> Wow, we should all start using out of band management. Anyone think it is feasible to do management of an IP network exclusively out of band?

Welcome to my nightmare. Getting ISPs to participate is always difficult. I encourage ISPs to read the draft and send in their comments to the White House. Otherwise, because they are the ones participating, the future Internet security architecture will probably look like what a big telco thinks is a good security model. Why separate the circuit into 2B+D, just give me all the bandwidth.

Is the telephone security model better than the Internet security model? It depends on who you ask. They both have interesting security issues. Unfortunately, a lot of it is based on perception on both sides, and only a little on fact.

I would love to see some proposals from different ISPs how they view the Internet (or ISP) security architecture. Cisco, Sun, Lucent and Telcordia have vendor architectures. But what architecture works for real ISPs? What can we point to as a "good" Internet security architecture? Is there a difference between what works for a small, medium or large ISP? I can draw Internet security architectures until my fingers fall off, but they won't have the impact of industry consensus.