[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Michael Richardson: middle boxes vs security
In his/her message, Michael Richardson wrote:
> It is interesting that the inability to deploy security due to presence of
>middle boxes, such as security gateways, has prevented deployment of voice
I do not understand.
In draft-lear-middlebox-arch-01.txt, a middle box can be a NAT box or a
firewall. I think this is a mistake to think you can caracterize some
network devices as middle boxes this way, and others network devices
not being middle boxes.
Any switch-router is always able to do NAT, and always have firewalling
capabilities like IP filtering. In most case the usage of IP access-lists
if not only for access-control, but also routing, QoS, VLANs, etc.
So, in the real world, all IP network devices are middle boxes with
such a definition. I think we should reserve middle box definition for
boxes working at the application layer like boxes between WAP and HTTP.
What is you definition of the middle box ?
Why security gateways (id a network device building IPsec tunnels)
has prevented deployment of voice services ?