[e2e] Detecting middle boxes
Christian Huitema
huitema at windows.microsoft.com
Tue Feb 12 08:35:29 PST 2002
> At 12:08 PM 2/11/02 -0800, Christian Huitema wrote:
> >A simple solution to detect a class of proxies is to have a
cooperative
> >responder on the Internet, to try to connect using port 25, 53, 80,
> >etc., and to have the responder provide a response that returns the
> >characteristics of the connection. If you want to do this seriously,
the
> >response should contain a hash of the incoming message (detect
> >tampering) + a copy of the incoming IP address and port (detect
address
> >rewriting and port mapping); the response should be signed.
>
> In the case where a network is multihomed you need to be able to
> pick the correct responder with respect to the endpoint you're
> trying to reach (or that is trying to reach you). It's also not
> going to be robust against middlebox failover, etc. One could
> argue that it's pushing a circuit orientation down a layer.
> It's an unidiomatic solution in that it fails to integrate well
> with the basic characteristics of IP.
Uh, what exactly is not robust here? We are considering a "detection"
system, not a "correction". I agree that there are some hairy aspects in
the correction -- we got to study quite a few corner cases for the
shipworm/teredo proposal. But there is nothing particularly hard in a
detection system.
-- Christian Huitema
More information about the end2end-interest
mailing list