Time To End The War on Network Protection

Document Type: Expired Internet-Draft (individual), Expired & archived
Author: Eliot Lear
Last updated: 2017-05-02 (Latest revision 2016-10-29)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Since Edward Snowden's release of secret information, some in the IETF have taken the approach that the network is such a useful tool that it is also an enemy. With several high-visibility attacks that have been based on low-end systems (Things), it is now clear that not only is the network not the enemy, but that it is required to protect the system as a whole. When the network has at least some information about a device, we get a second chance to limit attacks against the device and, in some cases, a third chance to limit attacks from the device. This memo discusses ways in which network protection assists in the protection of devices and some caveats around that protection, and suggests points that implementers and protocol developers should consider as connectivity continues to expand to new applications.

