On Sat, Apr 18, 2009 at 09:12:24PM +0000, Paul Vixie wrote:
> > Date: Sat, 18 Apr 2009 13:17:11 -0400
> > From: "Steven M. Bellovin" <s...@cs.columbia.edu>
> >
> > On Sat, 18 Apr 2009 16:58:24 +0000
> > bmann...@vacation.karoshi.com wrote:
> >
> > > i make the claim that simple, clean design and execution is
> > > best. even the security goofs will agree.
> >
> > "Even"? *Especially* -- or they're not competent at doing security.
>
> wouldn't a security person also know about
>
> http://en.wikipedia.org/wiki/ARP_spoofing
>
> and know that many colo facilities now use one customer per vlan due
> to this concern? (i remember florian weimer being surprised that we
> didn't have such a policy on the ISC guest network.)
>
> if we maximize for simplicity we get a DELNI. oops that's not fast
> enough we need a switch not a hub and it has to go 10Gbit/sec/port.
> looks like we traded away some simplicity in order to reach our goals.
er... 10G is old hat... try 100G. i'm not arguing for a return to smoke
signals. i'm arguing that simplicity is oftentimes gratuitously abandoned
in favor of the near-term, quick buck. if i may paraphrase Albert, "Things
should be as simple as possible, but no simpler" and ARP... well there's a
dirt simple hack that the ethernet-based folks have never been able to
shake. :)

--bill
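The ARP spoofing concern raised in the quoted thread is usually caught on a shared segment the way arpwatch does it: remember which MAC first answered for each IP and alert when a later reply claims the same IP from a different MAC. The following is an added example written for this page, not code from anyone in the thread; it parses raw Ethernet/ARP frames and runs the check over a constructed sample (all MACs and addresses are made up).

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # Ethernet header: dst, src, ethertype (14 bytes)
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # IPv4-over-Ethernet ARP packet (28 bytes)
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))
def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))

def build_arp_reply(sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Construct a raw ARP reply frame as parser test input (nothing is sent anywhere)."""
    eth = ETH_HDR.pack(mac_bytes(tha), mac_bytes(sha), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, ARP_REPLY,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp

def parse_arp_reply(frame: bytes):
    """Return (sender_ip, sender_mac) for an Ethernet/IPv4 ARP reply, else None."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op != ARP_REPLY:
        return None
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def detect_ip_mac_flips(frames):
    """arpwatch-style check: keep the first MAC seen per IP, report any later change."""
    seen, alerts = {}, []
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        ip, mac = parsed
        first = seen.setdefault(ip, mac)
        if first != mac:
            alerts.append((ip, first, mac))   # (ip, original mac, new claimant)
    return alerts

# Constructed sample: the gateway answers normally, a second host answers for its own
# address, then a third MAC answers for the gateway's IP, which is what gets flagged.
SAMPLE_FRAMES = [
    build_arp_reply("aa:bb:cc:dd:ee:01", "10.0.0.1", "02:00:00:00:00:42", "10.0.0.42"),
    build_arp_reply("02:00:00:00:00:43", "10.0.0.43", "02:00:00:00:00:42", "10.0.0.42"),
    build_arp_reply("02:00:00:00:00:99", "10.0.0.1", "02:00:00:00:00:42", "10.0.0.42"),
]
```

On a one-customer-per-VLAN design the third frame never reaches the other customer's port, which is the point of the policy the thread mentions; on a shared segment this check is the fallback.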