On Fri, May 26, 2023 at 4:26 PM Manfredi (US), Albert E <[email protected]> wrote:
>
> -----Original Message-----
> From: ipv6 <[email protected]> On Behalf Of Tom Herbert
>
> > And IETF exists for the good of the Internet and the world's population,
> > not so your company can make money!
>
> Ouch, Tom, let's not devolve the conversation here.
>
> "Making money," legally of course, is nothing more than proof the system
> works. The IETF exists because many companies around the world see a great
> benefit in having such a communications tool available to them. These
> companies pay some of their people to participate. IETF participants are not
> typically just independently wealthy free agents. Each of these guys fits in
> some category of participant (equipment vendor, network provider, application
> designers) and each has a responsibility to see that their interests are met,
> not ignored.
>
> If the communications tool introduces vulnerabilities that would potentially
> detract from their businesses, the IETF participants have the responsibility
> to bring that to light. We can’t expect some nebulous "greater good," however
> each of us defines that, to cause damage to users of the Internet. Besides
> which, ideas of what constitutes an actual "the greater good" are probably as
> varied as are the IETF participants.

Albert,

Correct, that's the fundamental problem. When public network providers apply ad hoc protocol filtering, that limits the capabilities and opportunities to provide value to the users. For instance, if someone came up with a new transport protocol that improves user security by 10x, we couldn't deploy it because some network providers would block it. So the very security policies that are ostensibly in place to protect the users can actually harm them.

As for what constitutes "the greater good", like pretty much everything else in IETF, shouldn't that be something determined by "rough consensus"? If someone wants to write the BCP as to what extension headers should be regularly blocked and provide clear rationale why they need to be blocked and why the problems can't be fixed, that would be something to discuss and try to achieve consensus on.

Even if the consensus were that extension headers need to be deprecated, to me that would be better than the current situation where we, specifically application and host developers, need to deal with a patchwork of anonymous and seemingly arbitrary network provider policies that degenerate the end-to-end services we can provide to users to rely only on the least common denominator of protocols, which we can only deduce by guesswork.

Tom

>
> Bert
>
