And behold, the IEEE gods gave us 802.1AE. #MACsec https://twitter.com/RichFelker/status/1009870219333062658 …
Replying to @RichFelker
It's actually pretty sweet. Linux has support for it in iproute2 + kernel.
Replying to @troglobit
It's still a tool for letting people do something fundamentally wrong and insecure with a false sense that it's secure.
Replying to @RichFelker
Um, it's encrypted, like IPsec? Maybe you mean 802.1X?
Replying to @troglobit
Using IPsec for access control is another iteration of the same insecure design. You're granting access to any process that can make a connection from the magically-trusted host.
Replying to @RichFelker @troglobit
In doing so, you're throwing out all privilege boundaries within that host or between other hosts it might forward/nat traffic for, and treating them all as one big trusted blob.
Some of these boundaries can be recreated with fancy iptables rules controlling which processes can make connections on which ports, but that's a sloppy, fragile replacement for process memory space isolation, filesystem permissions, etc.