Clueless service restrictions (was RE: Anti-spam System Idea)

Tony Hain alh-ietf at tndh.net
Tue Feb 17 20:17:49 UTC 2004


Most of the responses to the anti-spam thread, and the comments to Itojun's
IAB presentation in Miami about filtering, show that this community has been
thoroughly infiltrated and is now as CLUELESS as the PSTN providers, and
just as power hungry. The current ISPs have the opportunity to turn the
Internet into the PSTN, where customers can have any service they want as
long as it uses an audio interface and a rotary dial for signaling. ;)

Seriously, filtering is about attempting to prevent the customer from using
their target application. Central registration is no better, as its only
purpose is exercising power through extortion of additional funds for
'allowing' that application. 

What people seem to be refusing to hear is the comment Phil Karn made at the
mic. If you insist on restricting the service to a small set of 'approved'
applications, people will simply encapsulate what they really want to do in
the approved service and you will lose visibility. For any who doubt this,
revisit how the Internet was deployed and grew despite the limitations of
the PSTN interface & offerings. 

The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, SIP applications, etc. from ever being
deployed. If there are any operators out there who still understand the
value in allowing the next generation of applications to incubate, you need
to push back on this tendency to limit the Internet to an 'approved' list of
ports and service models.

Tony



> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Timothy R. McKee
> Sent: Monday, February 16, 2004 1:19 PM
> To: 'Petri Helenius'
> Cc: 'J Bacher'; nanog at merit.edu
> Subject: RE: Anti-spam System Idea
> 
> 
> Personally I don't see where ingress filters that only allow registered
> SMTP servers to initiate TCP connections on port 25 are irresponsible.
> 
> Any user sophisticated enough to legitimately require a running SMTP server
> should also have the sophistication to create a DNS entry and register it
> with his upstream in whatever manner is required.
> 
> There will never be a painless or easy solution to this problem, only a
> choice where we select the lesser of all evils.
> 
> Tim
> 
> -----Original Message-----
> From: Petri Helenius [mailto:pete at he.iki.fi]
> Sent: Monday, February 16, 2004 16:06
> To: Timothy R. McKee
> Cc: 'J Bacher'; nanog at merit.edu
> Subject: Re: Anti-spam System Idea
> 
> Timothy R. McKee wrote:
> 
> >There will *never* be a concerted action by all service providers to
> >filter ingress/egress on abused ports unless there is a legal
> >requirement to do so.  Think 'level playing field'...
> >
> >
> Hasn't it been stated enough times previously that blindly blocking ports
> is irresponsible?
> 
> There are ways to similar, if not more accurate results without resorting
> to shooting everything that moves.
> 
> Pete



