> Whether something is "legitimate" is a matter of opinion, protocol
> conformance typically is not.

In the real world, protocol conformance involves how people interpret the specs (which have historically been quite loose) and what developers of things like firewalls have to do to keep real world threats from making the Internet totally useless. What seems to be happening is things that are necessary get done while adhering to the developers' best efforts to adhere to the specs and real world utilization. Eventually, what really happens is things which are necessary enough to be widely used (like firewalls) dictate what the specs didn't say when the firewalls were designed.

> For applications and hosts firewalls are not all necessary to do their job and
> have created way more problems for developers than they solve.

Umm, are you really trying to claim that firewalls are not necessary? If it wasn't for firewalls, the Internet would be pretty much useless. I wish that were not so, but...

> In fact, in the 6man meeting the other day someone pointed out that the
> effect of NAT has been to move the problems and complexity out of the
> network into the host and application-- as a host developer I can say that
> this statement is spot on.

NAT is a red herring -- it's not the only reason firewalls need to look at ports to do their job. Then again, NAT is a really good argument for not enhancing IPv4 (so that NAT will go away).

BTW, I am a host developer and protocol stack maintainer. I see this as a huge amount of work to implement something no-one will be able to use for 2-3 decades. Especially when it's all available via IPv6, now.

> Right, and this is exactly what drives us to limit packets on the Internet to
> perpetually use the least common denominator of support in the network.
> The result is an ossified Internet that we can no longer
> evolve-- IMO that's not a good thing!

And how does defining something no-one will be able to use for two or three decades solve that problem -- better than IPv6 which already has a 2 decade head start?
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
