Clueless service restrictions (was RE: Anti-spam System Idea)

Alex Bligh alex at alex.org.uk
Tue Feb 17 21:48:18 UTC 2004




--On 17 February 2004 12:17 -0800 Tony Hain <alh-ietf at tndh.net> wrote:

[with apologies for rearrangement]

> The Internet has value because it allows arbitrary interactions where new
> applications can be developed and fostered. The centrally controlled model
> would have prevented IM, web, sip applications, etc. from ever being
> deployed. If there are any operators out there who still understand the
> value in allowing the next generation of applications to incubate, you
> need to push back on this tendency to limit the Internet to an 'approved'
> list of ports and service models.
...
> Seriously, filtering is about attempting to prevent the customer from
> using their target application. Central registration is no better, as its
> only purpose is exercising power through extortion of additional funds for
> 'allowing' that application.


Quite right in general.

However
a) Some forms of filtering, which do occasionally prevent the customer
   from using their target application, are in general good, as the
   operational (see, on topic) impact of *not* applying tends to be
   worse than the disruption of applying them. Examples: source IP
   filtering on ingress, BGP route filtering. Both of these are known
   to break harmless applications. I would suggest both are good things.

b) The real problem here is that there are TWO problems which interact.
   It is a specific case of the following general problem:
   * A desire for any to any end to end connectivity using the
     protocol concerned => filter free internet
   * No authentication scheme

Applying filters based on IP address & protocol (whether it's by filtering
or RBL) is in effect attempting to do authentication by IP address. We know
this is not a good model. People do, however, use it because there
currently is no realistic widely deployed alternative available. Those
that are currently available (e.g. SPF) are not widely deployed, and
in any case are far from perfect. Whilst we have no hammer, people will
keep using the screwdriver to drive in nails, and who can blame them?

Alex
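
An added example (not part of the original message): the blocklist decision the message calls authentication by IP address, beside an SPF-style check in which the sending domain publishes its own authorized addresses. The addresses, the dnsbl.example zone and the example.org record are constructed, and only the ip4, ip6 and all mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real listings).
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # a listed address pool
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"}

def dnsbl_query_name(client_ip, zone="dnsbl.example"):
    """Name a DNSBL client looks up for an IPv4 address: reversed octets + zone.
    The zone is a hypothetical placeholder."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def ip_filter_verdict(client_ip):
    """Blocklist decision: depends on the connecting address and nothing else."""
    addr = ipaddress.ip_address(client_ip)
    return "reject" if any(addr in net for net in BLOCKLIST) else "accept"

def spf_verdict(client_ip, mail_from_domain):
    """Evaluate the ip4/ip6/all mechanisms of the domain's published policy."""
    record = SPF_RECORDS.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"  # "+" is the default
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        kind, _, value = mech.partition(":")
        if kind in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return results[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"

if __name__ == "__main__":
    # example.org's own mail host sits inside the listed pool: the IP filter
    # rejects it, while the domain's published policy authorizes it.
    for ip in ("198.51.100.25", "198.51.100.77", "192.0.2.200"):
        print(ip, dnsbl_query_name(ip), ip_filter_verdict(ip),
              spf_verdict(ip, "example.org"))
```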


