Subject: Re: random ip_id must be configurable
To: Bill Studenmund <>
From: Allen Briggs <>
List: tech-net
Date: 09/12/2003 16:24:09
On Fri, Sep 12, 2003 at 12:23:27PM -0700, Bill Studenmund wrote:
> If you want a truly secure computer, cut all the network connections. As
> long as you're on a network, you are open to network-based attachs.
> To do anything less, say adding a network card and getting an IP address,
> opens you up to attacks. As everyone on this list has done so, we must
> have decided that the benefits out weigh the costs

Sure.  The other side of this reasonable arguing stance is that there
are real network attacks out ther in the real world, and computers
attached directly to the real world doing normal work should be made as
safe as we can reasonably make them.  No?

The debate really seems to be around definitions of "reasonably".

NetBSD is used in a lot of different environments, and the definition of
what are reasonable measures for each of these environments is going to
vary.  Where we draw the lines around risk, cost, and performance, is
going to vary, depending on the target environment.  Bill mentions this
cost/benefit consideration.

For each of the risks, I think it's reasonable to carefully consider how
universal the risk is and how much the proposed solution will help in
each case, as long as the proposed solution does carry a cost.  I think
it's also useful to consider whether a fix could be useful as an option,
as opposed to being included even in the case of a purely private network.

Remote root holes in standard services don't take a lot of consideration,
some others do.  Let's try to weigh the risks and costs professionally.


                  Use NetBSD!