apparently this comment has been downvoted. people with very well formed opinions have been saying that end-to-end is the only way, or at least the very best way.
it is true, as the responders point out, that some of the control protocols used in the internet blindly trust what they receive. fixing those protocols and ensuring reasonable end to end authentication is a much better use of time than fussing around about a single link level solution.
imagine being able to forget about half assed measures like policy based firewalls and stateful nat for security.
it is true, as the responders point out, that some of the control protocols used in the internet blindly trust what they receive. fixing those protocols and ensuring reasonable end to end authentication is a much better use of time than fussing around about a single link level solution.
imagine being able to forget about half assed measures like policy based firewalls and stateful nat for security.