Brian is playing unfair here by introducing an actual application layer consequence into the architecture discussion :-)
The referral problem he refers to is real, but I see it more as a consequence of the IETF being too rigid in its approach to address numbering. The basic question here is that we have two hosts that are to connect for a peer-peer protocol in which either endpoint can initiate or respond to a connection request. Clearly this is rather challenging if the boundaries between addressing schemes are arbitrary and becomes somewhat simpler in a uniform addressing model. But the real Internet is not like that. It is a network of networks and crossing the boundary between a private network and the interconnect space between the networks has consequences. One of those consequences is that addresses can change at the private/interconnect border. Another consequence is that crossing that boundary should have security consequences. Opening up a port to receive connection requests has considerably greater security consequence than making the request. The requester is opening a communication channel with a single, specified entity, the responder is opening access to any host on the Internet. "It is much better to give than to receive" So opening a port is an event that should be mediated by access control at the host level and private/interconnect border at a minimum. In a default deny network there will be additional policy enforcement within the private network.
_______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
