On Oct 10, 2011, at 08:51, Michael Richardson wrote:
>
> It does break the *I*nternet model: the one where the ISPs control
> everything like the telcos did before, and I need to beg to be allowed
> to receive SYN packets. Why do I care if it breaks the business plans
> of some ISPs?

I hate to break the news to you, but it isn't the ISPs that are making you beg to receive a SYN packet from anywhere on the Internet. It's the home gateway vendors, who are following the advice of RFC 4864 to implement stateful default-deny simple security mechanisms, and who follow the advice of myriad other 'experts' who insist that these functions be enabled by default.

Shorter james: it's your residential subscribers who are insisting that your devices need to beg for permission to receive inbound SYN packets from arbitrary remote addresses.

The IETF is in the process of specifying a protocol to let you beg for incoming packets, cf. I-D.ietf-pcp-base.

I wish you all the luck in the world convincing the average home networking gear buyer that they shouldn't need any of this craziness. Sincerely. I tried that. Been there, done that, got the T-shirt, ended up buffing the car with it, donated the car to charity when the car wore out... in other words, I am done struggling against what you call "the Internet model" because from my perspective that's like trying to bail out San Francisco Bay with a tea cup.

Have fun storming the castle though...

--
james woodyatt <[email protected]>
member of technical staff, core os networking
