On Sun, Aug 26, 2018 at 04:16:39PM -0700, Tom Herbert wrote:
> When the host stack pundits are asking network device stack builders
> to conform to the standard protocols then I believe that is
> reasonable. If firewalls were standard and ubiquitous, and standards
> were adhered to, then host stacks would have no problem. But alas
> they're not, so we're forced to implement the host stack per the least
> common denominator functionality of network devices.

[RANT]
Sure. And now we've got internet highways full of speeding, black, armored, window tinted and removed license plate SUV packets. And given how the road authorities are seen as commercial competitors to the business models of those attack SUV packet companies they even manage to bribe congress into thinking that the road authorities should simply get out of the way. And whenever you open one of those SUV cars, it's full of little "net neutrality" crybabies running lacrimal gland attacks against the voting public.
[/RANT]

Aka: It's a commercial issue and standards are built these days to prohibit others to do what you want to exclusively do yourself. I am saying this not to discount the good standard results we have, but primarily to explain why we do not also get other good standards.

> Conversely, do you allow your smartphone to connect to a network
> before you've verified that a firewall is being run in the network,
> what vendor provided it, and what the configured rules are?

When pacemaker companies do willfully reject to fix security attack vectors against their devices for years, the IETF should really start focussing more on what it can do to create more network security and the right architectures for it. There should be a lot of business for all those crappy embedded endpoint vendors to outsource security in a trusted fashion to someone who cares about it.

Toerless

> Tom
>
> > Cheers
> > Toerless
> >
> >> Using part of the IPv6 space for this solution would then break
> >> per-address network management (different UDP ports would use different
> >> IPv6 addresses, presumably).
> >>
> >> The "disease" is that NATs don't reassemble (or emulate it). It's
> >> not useful to try to address the symptoms of that disease individually.
> >>
> >> Joe

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
