AWS Elastic IP architecture

Pete Carah pete at altadena.net
Thu Jun 4 23:24:49 UTC 2015


On 06/04/2015 01:16 PM, Christopher Morrow wrote:
> On Thu, Jun 4, 2015 at 5:11 AM, Owen DeLong <owen at delong.com> wrote:
>> I’d argue that SSH is several thousand, not a few hundred. In any case, I suppose you can make the argument that only a few people are trying to access their home network resources remotely other than via some sort of proxy/rendezvous service. However, I would argue that such services exist solely to provide a workaround for the deficiencies in the network introduced by NAT. Get rid of the stupid NAT and you no longer need such services.
> This is an interesting argument/point, but if you remove the rendezvous
> service then how do you find the thing in your house? now the user has
> to manage DNS, or the service in question has to manage a dns entry
> for the customer, right?
A large part of my heartburn with this is the proliferation of unidentified rendezvous services with no hint of SLA or anything that are burned in to things like door locks, thermostats, washing machines, etc etc. (also no hint of where and even what country has the rendezvous in question...)

Once I've equipped my house with IoT devices, there will be a bunch (hundred?) outbound connections to different rendezvous services. Nothing in the box or literature identifies the server(s) in question either. (and likely most of them don't even use https.) You want your door lock and thermostat to effectively publish when you are away for a couple of weeks, onto someone else's unidentified server? At least dns rendezvous allow endpoint security if the manufacturer even thinks about that...

-- Pete

....



More information about the NANOG mailing list