[e2e] 0% NAT - checkmating the disconnectors

Saikat Guha saikat at cs.cornell.edu
Tue Mar 7 20:44:58 PST 2006


On Wed, 2006-02-22 at 12:20 -0500, David P. Reed wrote:
> We know that NATs don't protect us very well, and we know that firewalls 
> don't either.   Yet they sure get in the way and create points of power 
> for those who would keep us disconnected.

Not to detract from the original discussion, but "those who would keep
us disconnected" can simply yank the cable. IT departments turn off
ports in response to suspicious activity, and no Internet architecture
can _force_ them to provide connectivity if they don't want to.

NATs and firewalls aren't the problem here. The problem is that the
Internet architecture has largely marginalized the voice of the network
operator. They have a say. They will enforce it whether or not end users
like it. If they have a problem with one application, the Internet
should provide them tools to squelch that one application, otherwise
they'll be forced to squelch them all. Instead of "checkmating the
disconnectors", I believe it worth looking at how to work _with_ them.

Is there a way to architect the Internet to give the network operator
full control over his network? So, when his boss (who paid for the wires
and routers) asks him to block application X, he can do just that and
not cause the collateral damage that firewall-hacks cause today.
Shameless plug: we believe signaling is one way to work _with_ the
network, and not against it
(http://saikat.guha.cc/pub/sosp05wip-guha.pdf). But, this is just one
solution.

My 2c.

-- 
Saikat