North American Network Operators Group

Re: Clueless service restrictions (was RE: Anti-spam System Idea)

  • From: Alex Bligh
  • Date: Tue Feb 17 16:50:58 2004


--On 17 February 2004 12:17 -0800 Tony Hain <[email protected]> wrote:

[with apologies for rearrangement]

> The Internet has value because it allows arbitrary interactions where new
> applications can be developed and fostered. The centrally controlled model
> would have prevented IM, web, sip applications, etc. from ever being
> deployed. If there are any operators out there who still understand the
> value in allowing the next generation of applications to incubate, you
> need to push back on this tendency to limit the Internet to an 'approved'
> list of ports and service models.
...
> Seriously, filtering is about attempting to prevent the customer from
> using their target application. Central registration is no better, as its
> only purpose is exercising power through extortion of additional funds for
> 'allowing' that application.

Quite right in general.

However
a) Some forms of filtering, which do occasionally prevent the customer
  from using their target application, are in general good, as the
  operational (see, on topic) impact of *not* applying tends to be
  worse than the disruption of applying them. Examples: source IP
  filtering on ingress, BGP route filtering. Both of these are known
  to break harmless applications. I would suggest both are good things.

b) The real problem here is that there are TWO problems which interact.
  It is a specific case of the following general problem:
  * A desire for any to any end to end connectivity using the
    protocol concerned => filter free internet
  * No authentication scheme

Applying filters based on IP address & protocol (whether it's by filtering
or RBL) is in effect attempting to do authentication by IP address. We know
this is not a good model. People do, however, use it because there
currently is no realistic widely deployed alternative available. Those
that are currently available (e.g. SPF) are not widely deployed, and
in any case are far from perfect. Whilst we have no hammer, people will
keep using the screwdriver to drive in nails, and who can blame them?

Alex