Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!rutgers!bellcore!ka9q.bellcore.com!karn
From: karn@ka9q.bellcore.com (Phil Karn)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: A SUSPICIOUS SECURE GATEWAY
Message-ID: <23617@bellcore.bellcore.com>
Date: 25 May 90 08:32:32 GMT
References: <435@jove.dec.com> <9005231723.AA20278@hp-ses.sde.hp.com>
Sender: news@bellcore.bellcore.com
Reply-To: karn@ka9q.bellcore.com (Phil Karn)
Organization: Secular Humanists for No-Code
Lines: 20

In article <9005231723.AA20278@hp-ses.sde.hp.com> wunder@HP-SES.SDE.HP.COM (Walter Underwood) writes:
>HP does exactly the same thing.  I think of it as similar to
>international borders.[...]

That's not a bad analogy, because I absolutely detest having to deal with
customs stations. And I certainly don't depend on US customs to protect my
house (or computer) from being burglarized.

My personal favorite analogy is the Berlin Wall. Shortly after the wall was
opened some East German official was quoted by the AP as saying that the
wall as a whole would stay up because it was "necessary to protect East
Germans against AIDS", among other things.  Unfortunately, this kind of
thinking is not unheard of in the computer security business.

Once again, I argue that there is no substitute for each individual taking
the responsibility for protecting his own local domain. Security mechanisms
are always most effectively implemented as close as possible to whatever
is being protected.

Phil