Re: IETF Meetings - High Registration Fees
Bonney Robin Hood Kooper wrote: [..] But if you take the system view and consider the big picture, and try to see who is benefitting most in increased revenues as a result of pushing their proprietary standards as IETF standards, [..] If you are not seeing any personal or business benefit from attending the IETF, why are you thinking of going? (Have you ever gone to an IETF meeting?) gja
Re: [idn] WG last call summary
Furthermore, the IETF specifications that allow 7-bit software should be fixed as soon as possible. Do you disagree with this? Or do you want these bugs to continue to plague programmers in 10 years? 20 years? 50 years? I'm having trouble understanding why we're still using these old protocols. Does a standardized transparent (in the binary sense of the word) mail protocol with built-in support for multi-part messages exist? Then why isn't it being implemented all over the place? It would make things a whole lot simpler: no UTF-8 or MIME encoding of international characters would be necessary (use Unicode), binary attachments would take up significantly less space and Unicode IDNs could easily be supported. -- Thor Harald Johansen
Re: 10 years and no ubiquitous security
At 10:18 AM 3/18/2002 -0600, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], William Allen Simpson writes: The Purple Streak (Hilarie Orman) wrote: ... But Bill, I'm trying to understand what your point is. We can't force people to use security. IPsec is standard in most major business operating systems (Win2K, Solaris, *BSD, etc.) and available for Linux. There are hardware solutions -- I have a small IPsec box with me in Minneapolis. But except for VPN scenarios, most people choose not to use it. I think there's a lesson there, but I fail to see how Steve Kent or any of the other players in the history of IPsec are at all at fault. At last call several years ago I detailed my misgivings about the design. However since so many talented people had already put years of work into it I also wrote that the market must decide its fate. It seems to have decided, IPsec has settled into a fairly modest VPN market niche ($200M/yr revenues or so?). It is not turned on by (or not available on) at least 99% of the Internet hosts. I guess the $64 question is whither do we go now with IPsec? 1. Do we do significant surgery on it and muddle on? 2. Do we stop working on it and start over with a fresh design? (Besides VPN what other pressing problem needs a solution?) 3. Do we give up? (Or at least be satisfied with a VPN only solution.) I'm a little amazed that IPsec has had as much success as it has had to date. I've seen so many other secure IETF protocols die much more quickly; SNMPSEC, PEM, SHTTP, etc. - Alex -- Alex Alten [EMAIL PROTECTED]
Re: Netmeeting - NAT issue
Ok, I have to say something. I agree that NATs are evil, and *should* not exist. But, since ISP's currently charge tons of money for more than one IP address, they always *will* exist. Maybe IPv6 will fix all that . . . . we can only pray . . . -- David Frascone Reality is for those who can't handle Star Trek.
Re: Netmeeting - NAT issue
On Mon, 18 Mar 2002 21:00:22 PST, Peter Ford [EMAIL PROTECTED] said: I would love to see the complete solution to signaling all the potential blocking intermediate hops in the network that specific traffic should pass. I would love to see the complete *SECURE* solution to signaling all the potential blocking intermediate hops in the network that specific traffic should pass. Some of us deploy firewalls in order to stop our systems from being able to contact the outside world if they get trojaned. Opening a port just because a UPNP device says pretty please works against that... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Re: Netmeeting - NAT issue
On Tue, 19 Mar 2002 08:40:02 CST, David Frascone said: I agree that NATs are evil, and *should* not exist. But, since ISP's currently charge tons of money for more than one IP address, they always *will* exist. Bad logic. They won't always will. They will as long as ISPs have the current rate structure. Correlate the number of cell phones with the change in pricing structure over the last few years -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
Being practical, you only *need* to attend a meeting if there is an intractable problem in front of a WG you're actively participating in, and solving that problem requires a face-to-face session. essentially all of the work done at meetings happens in the hallways, restaurants, and bars - when small groups of people get together to work out mutual understandings and compromises which then emerge as proposals to WGs. sometimes this can be done in email or over the phone, but it's much easier in person.
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
essentially all of the work done at meetings happens in the hallways, restaurants, and bars - when small groups of people get together ... Yes, I see. So much for the myth of an open process.
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
On Tue, 19 Mar 2002 13:43:06 CST, Matt Crawford [EMAIL PROTECTED] said: essentially all of the work done at meetings happens in the hallways, restaurants, and bars - when small groups of people get together ... Yes, I see. So much for the myth of an open process. I'm willing to place bets that a *very* large chunk of things accomplished in the hallways of *THIS* IETF will be a BOF at the *next* one, and a working group at the one after that. Also, a quick sanity check of an idea that takes 10 minutes in the hallway (Hey Fred - does this sound reasonable, or am I smoking crack again?) could take anywhere from 45 minutes to forever in the context of a working group session (remember, it usually takes less time to bring ONE person up to speed than to bring a whole room up to speed on your new idea...) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Re: Netmeeting - NAT issue
OK, but that does not solve the problem where the NATs are mostly deployed -- home and SOHO -- until all internet servers of interest to those users speak IPv6. Can be upgraded to do so is great if you control the server, but these users don't. So Yahoo, Google, etc can be persuaded to upgrade, maybe... and the home/SOHO user using the setup below does a search. Many of the hits will be IPv4 only sites, and we are back to NAT. Don't get me wrong, this is a good migration path and should be pushed as much as possible, but it is not as fast as your message implies. --On Tuesday, March 19, 2002 11:37 -0500 Keith Moore [EMAIL PROTECTED] wrote: Maybe IPv6 will fix all that . . . . we can only pray . . . easily fixed. get a single IPv4 address, assign it to a 6to4 router that's installed at your border, and put up to 2**80 hosts (okay, 2**16 hosts if you use stateless autoconfig) behind it. you can then get to any of those hosts from any other machine that speaks IPv6. if those machines don't speak IPv6, they can often be upgraded to do so. if they don't have IPv6 connectivity, they can get it using 6to4. Hans Kruse, Associate Professor J. Warren McClure School of Communication Systems Management Ohio University, Athens, OH, 45701 740-593-4891 voice, 740-593-4889 fax
Re: Netmeeting - NAT issue
in a just world, the NAT vendors would all be sued out of existence for the harm they've done to the Internet. in the real world, if you can hire a famous personality to advertise your product on TV, then by definition it must work well. The last time I was this hard-headed about a technology I thought was a bad idea technically, the company I was associated with never really recovered (although there were other problems too). notice I did say in a just world. I don't pretend that this world is just. If you want to make money, you have to understand that the economic environment we live in favors those who do harm. You can choose whether or not to do harm (and to what degree), but it doesn't help to pretend that the market will reward you for doing good. Deal with it. likewise. Keith
Re: Netmeeting - NAT issue
OK, but that does not solve the problem where the NATs are mostly deployed -- home and SOHO -- until all internet servers of interest to those users speak IPv6. Can be upgraded to do so is great if you control the server, but these users don't. true enough. fortunately, NAT doesn't interfere much with www and email, and a few other common services, so NATted v4 works okay to access these. IMHO v6 will mostly be used to talk between things that don't work with NAT. for those things, it's worth it to upgrade the hosts. and 6to4 relieves some of the immediate requirement to upgrade the net. Keith
Re: [idn] WG last call summary
On Mar 19, D. J. Bernstein [EMAIL PROTECTED] wrote: Paul Robinson writes: Something *should* be done, but your argument has a hint of 'I never want anything done, ever' about it, which is putting people off. I have put a huge amount of effort into evaluating the costs of various IDN proposals. Please read http://cr.yp.to/proto/idnc3.html before you make any more comments about what I'm trying to do. I stand by my original statement. Something should be done, but your document makes you look like a typical whiner - you point out all the problems, but offer no solutions to some of the problems you raise. The solutions you do offer will take at least 4 years IMHO to be effective, and your phase 2 will actually INTRODUCE more problems, as well as allowing the continuation of other problems you raise. You may be aware that I'm the author of the mail software with the Internet's largest increase in SMTP-server deployment over the past 18 months (reaching #2 in total deployment, behind only Sendmail), and the DNS software with the Internet's largest increase in domain-name deployment over the past 18 months (reaching #2 in total deployment, behind only BIND). My programs relay 8-bit data without trouble, even though certain people obviously don't understand why this is important. I know who you are. I know your software. I have spent many hours looking at your code. It's why I'm suspicious of anything you ever write or say. Don't get me wrong, I'm not lacking in respect for some of the things you've done, but I think you're shooting yourself in the foot with the way you're going about this. I don't want to have an argument with you, but you're approaching this from the wrong angle. All very wrong. It's what you do, and it makes sense to you, but shouting at everybody THAT THEY'RE ALL WRONG AND IT MUST ALL STOP RIGHT NOW OR ELSE THE WORLD WILL END AND MAIL WILL BREAK is not the way to get IDNA fixed.
Perhaps expanding out IDNC3 to something more than 'these pieces of software need to be 8-bit clean and then we start registration' might be somewhere to head next... I want internationalized domain names (and mailbox names and so on) to work. But I can't support the IDNA proposal; IDNA is a disaster. I also can't accept having _any_ protocol move forward over so many objections. Even the strongest desire to _do something_ is less important than the requirement to obtain consensus for any change. Don't you understand that to get what you want, all Unix boxen have to be *completely* 8-bit OK, all MS boxen have to be *completely* 8-bit OK and a good 20% of sites out there will just have to shut down ops permanently? How are you proposing to display alpha-ol.com on a VT100? Had you not considered (and excuse me if I'm being dumb here), that just modifying a DNS resolver to understand PunyCode might just be a nice short cut? That perhaps, just maybe, software that recognises e-mail addresses as being any continuous text with @ in them, and URLs as beginning http:// is going to be able to just throw a string down to a resolver that knows what it's doing? And that maybe replacing the DNS resolver on all the machines out there to be able to do lookups with PunyCode might be a TAD more realistic than trying to get EVERYTHING, EVERYWHERE to be good with 8-bit? I must be missing something here... I've *got* to be missing something here... please, somebody tell me what it is... -- Paul Robinson
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
essentially all of the work done at meetings happens in the hallways, restaurants, and bars - when small groups of people get together ... Yes, I see. So much for the myth of an open process. I'm willing to place bets that a *very* large chunk of things accomplished in the hallways of *THIS* IETF will be a BOF at the *next* one, and a working group at the one after that. You've said that you don't go to meetings, so I won't fault your naivete, but the bulk of the hallway and bar work consists of squashing, not originating, WG items.
Re: Netmeeting - NAT issue
everyone-- I know this is a frequent source of heated discussion, and that much has already been said that doesn't need to be repeated here, but I *just* *can't* *let* *this* *go* unchallenged. - On Tuesday, March 19, 2002, at 08:26 AM, Keith Moore wrote: [...] in a just world, the NAT vendors would all be sued out of existence for the harm they've done to the Internet. in the real world, if you can hire a famous personality to advertise your product on TV, then by definition it must work well. [...] The harm done to the growth potential of the Internet by the widespread deployment of NAT routers is not the fault of the people who make them. That there is a profitable business to be made in selling NAT appliances to non-technical Internet users is *not* the root cause of the problem. It's a symptom, and I think the IETF would do very well to think long and hard about how to solve the real problem illustrated by the ubiquity of NAT routers in residential settings: strategic opposition to the end-to-end architecture among large retail Internet service providers. The first thing I would suggest is to sit back and contemplate whether the situation bears any resemblance to other problems in which the user population engages in behavior that results in short-term personal benefit in exchange for long-term harm to the welfare of society. In fairness, I should disclose that I am currently employed by a company that sells-- among other fine products-- a home gateway appliance with a NAT routing function; also, my responsibilities include integrating the library of ALG implementations it offers. So, yes-- I've been having this debate with myself for years. I very much wish there were a profitable business to be made selling home gateway appliances with IPv6 and 6to4 support, but I also very much wish that Afghan farmers could make a living growing wheat instead of opium. 
Sadly-- there is not much business to be made that way today, and whether there will be a thriving business there in the near future remains a very open question. -- j h woodyatt [EMAIL PROTECTED]
Re: [idn] WG last call summary
On Mar 19, D. J. Bernstein [EMAIL PROTECTED] wrote: Go sell a Greek user an ``internationalized domain name'' with a delta, Pete. Then tell him that most of his correspondents will see the delta as incomprehensible gobbledygook rather than a delta. See what he says. OK, scenario 1: You tell him that although it's gobbledygook to people without greek alphabet support, it will still work. It's not convenient, but it WILL work. Guaranteed. For his business colleagues and friends in Greece, who DO have the latest and greatest software, it will display as a delta. His ISP hasn't had to upgrade, and everybody in the world can use his domain - eventually they will see it as a delta as well, but for now they see it as an encoded string they can still use no problem. Scenario 2: Oops, sorry, our mistake, it's NOT gobbledygook, it's perfectly fine. For everybody in Greece. Unfortunately, his bank in the UK can't understand his e-mail address because the S/360 coders haven't got time to upgrade all the systems and applications software. His family won't be able to send him mail through systems that are running proprietary or legacy mail applications because they don't understand this 8-bit stuff. When he's abroad, his website and e-mail address may be useless. But it's OK, because it's a CLEAN implementation and a great protocol, and everybody else will catch up sometime in the next 4-10 years. Until then, he has to get a 'normal' domain to see himself over. Of course, display failures are not as intolerable as interoperability failures. But they're still failures. And they are failures for OS developers and application developers. Not the IETF. Not for the IDNA WG. Not for anybody who wants to get IDNs through. Not for the people who don't want to have to re-write the MTA on the PDP they have running in the back office. Not for people who want to have to deal with another SMTP spec change.
The only problem as I see it, is that until software that deals with IDN knows how to display PunyCode properly, people will see some crap on the screen. What you are proposing IS introducing an interoperability failure, which through your own admission is worse than a display failure. Surely you agree that bounced mail is serious! Which of these is easier to implement: 1. An updated DNS resolver 2. Making every piece of software and display device that might ever have to deal with IDNs capable of handling UTF-8? If you were IT director of a large firm, and you had a choice as to which to roll out, which would you choose? -- Paul Robinson
Re: Netmeeting - NAT issue
The first thing I would suggest is to sit back and contemplate whether the situation bears any resemblance to other problems in which the user population engages in behavior that results in short-term personal benefit in exchange for long-term harm to the welfare of society. granted there are numerous instances of this. but it seems disingenuous to blame the NAT problem on users when the NAT vendors are doing their best to mislead users about the harm that NAT does.
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
essentially all of the work done at meetings happens in the hallways, restaurants, and bars - when small groups of people get together ... Yes, I see. So much for the myth of an open process. you cleverly left off the rest of my statement where I said the ideas are reviewed by WGs. nor did I say that the small groups of people included specific people. the process is still open. any group of people can get together to brainstorm. but good ideas rarely come from large groups - they come from individuals or small groups. small groups are better at coming up with proposals; large groups are better at doing review and coming up with usage scenarios. Keith
Re: IETF Meetings - High Registration Fees
On Mar 18, grenville armitage [EMAIL PROTECTED] wrote: At the IETF meetings you've participated in, are you saying the morning and afternoon stimulants failed to help you stay awake during your various WGs, BOFs, and hallway discussions? Stimulants? Who needs stimulants when you've got unfinished code from that project you meant to finish 3 months ago? It's all you need, I can assure you... next you'll be suggesting that sleep is a good idea. Pah! You might want to look into WG mailing lists for this purpose. Did so. Ran into the same problems Bernstein is having now with IDNA. H... :-) -- Paul Robinson
RE: Netmeeting - NAT issue
Keith, In a just world, people freely purchase the things they want and believe solves a real world problem for them. The Internet has grown at an incredible rate and I suspect in large part due to NATs. I wonder if the Internet would sue the NAT vendors, or thank them for establishing a broader customer base, especially customers who pay for broadband? (in the u.s. they would certainly be honored for accomplishments and sued! ) I would like to close this discussion with: the Internet has v6 coming in the pipeline, and the AT of NATs will probably go away as a result. apps in general need transparent connectivity amongst peers, but the tacit assumption that all an app has to do is send a packet is not realistic and things will just work is unrealistic. In other words, NATs becoming personal firewalls is a growth market. Like almost every other resource, the network is something that will be managed, inspected, measured, and controlled by some policy. This will be manifested in a collection of protocols from the host asking the network to do things. MobileIP is an example, authenticated firewall traversal is another. I predict you will see what some have called the remote bind problem of opening holes in firewalls and NATs for listening services behind firewalls to be an important protocol to get nailed. The extent to which we can help people NOT be firewall admins, the better off we all will be. I would not be wasting my time sending mail to this list if I did not suspect the IETF knew where the problems are. What I am hoping will arise is action and results. Cheers, peterf P.S. lighten up. We will get v6 tunneled over v4 over NATs as well. What bliss!
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
You've said that you don't go to meetings, so I won't fault your naivete, but the bulk of the hallway and bar work consists of squashing, not originating, WG items. since more bad/naive ideas are generated than good ones, this seems entirely appropriate.
Re: Netmeeting - NAT issue
Of all the gin joints in all the towns in all the world, Keith Moore had to walk into mine and say: granted there are numerous instances of this. but it seems disingenuous to blame the NAT problem on users when the NAT vendors are doing their best to mislead users about the harm that NAT does. I think you missed the important point. It's not the NAT vendors, it's the ISPs. I have 6 computers at home. I'd be perfectly happy to have a /28 or so of address space routed for me by my ISP, but I would have to upgrade from the residential $40/month connection to the business $500/month to do so. I think I'll buy a $130 Linksys box and pocket the savings, thank you very much. I understand the limitations of NAT environments, having built two commercial ALG firewalls and maintained several linux based ones for my friends. I just don't really have any choice. My ISP doesn't offer IPv6 (and won't for the foreseeable future). I do have an IPv6 tunnel from a tunnelbroker, and I do run 6to4, but that doesn't connect me to very much. (All $ are Canadian. :-) -- Harald Koch [EMAIL PROTECTED] It takes a child to raze a village. -Michael T. Fry
Re: Netmeeting - NAT issue
On Tuesday, March 19, 2002, at 01:10 PM, Keith Moore wrote: [I wrote:] The first thing I would suggest is to sit back and contemplate whether the situation bears any resemblance to other problems in which the user population engages in behavior that results in short-term personal benefit in exchange for long-term harm to the welfare of society. granted there are numerous instances of this. but it seems disingenuous to blame the NAT problem on users when the NAT vendors are doing their best to mislead users about the harm that NAT does. I did not mean to imply that my employer's customers are to blame for the NAT problem, or to excuse the NAT vendors (including my employer) who mislead their customers about the harm caused by NAT routers. In the sentence immediately before the one you quoted, I expressed the following opinion (admittedly, as if it were fact): [...] the real problem illustrated by the ubiquity of NAT routers in residential settings: strategic opposition to the end-to-end architecture among large retail Internet service providers. I could be wrong about this, but I really believe this is the root cause of the NAT problem, not ignorant users or self-interested appliance vendors. -- j h woodyatt [EMAIL PROTECTED]
Re: Sponsorship (was Re: IETF Meetings - High Registration Fees)
On Mon, 18 Mar 2002, Lyndon Nerenberg wrote: I think this is an artifact of the use of mailing lists for WG traffic: it's just not practical to follow all the mailing lists. (I sure don't.) A possible solution would be to feed all of the WG lists into a read-only IMAP (and NNTP) server, making it easier to browse a wider cross section of lists without completely obliterating your inbox I've been doing this (via IMAP) for years and it works well for me. Now if the IETF (and the rest of the world) would make list archives available via anonymous IMAP, then we all wouldn't have to do this ourselves. And if IMAP clients would properly support anonymous IMAP, then it might be generally useful. (Sorry, this seems to be All Rants All The Time Week on the IETF list, so I had to add one of mine. 8^) - RL Bob
Re: IETF Meetings - High Registration Fees
To believe this, you must believe that large vendors are unable to ship a product until it has some sort of IETF rubber stamp. Stephen, It does increase the acceptance of a solution specially when customers are concerned about interoperability issues. It is more so in carrier networks. You must also believe that this IETF rubber stamp is only available to large vendors, and only large vendors will benefit from it. I didn't say that. I said RELATIVE benefit derived (actual in terms of increased sales, or perceived in terms of prestige and goodwill). We don't have fix tax per person for all rich and poor even though everyone uses the same federal/state services? The question is what are the alternative ways to better fund IETF activities and control (controllable portion of) rising costs? Given that the IETF does not recognize organizations at all, it is hard to agree with this model. The process is specifically designed to prevent this from happening, and I think the current IDNA argument shows that it's difficult to railroad a WG with a bad idea. Agreed - I didn't say that it is easy to push bad idea through any working group. But it is easier to build a momentum around for an idea if you have many people coming from the same organisation simply because you know them, and you work closely with them (though many people will say the design of IPv6, and a lot of MPLS work isn't a shining example of good work, but it is not because of bad ideas, but rather too many good ideas :-)) ==bonney
Re: Netmeeting - NAT issue
From: Keith Moore [EMAIL PROTECTED] it seems disingenuous to blame the NAT problem on users when the NAT vendors are doing their best to mislead users about the harm that NAT does. Oh, piffle. NAT's don't harm the Internet, any more than a host of other things: invisible Web caches, ISP packet filtering (I can't run an SMTP server because my cable ISP are a bunch of fascist morons, so I have to run 'fetchmail' instead - which generates *more* traffic - but I digress), etc, etc. Many of those are far more problematic *in practise*, but don't seem to generate anything like as much heat. (And I won't even get into policy stupidity relating to the Internet, such as the way in which some large commercial entities are using trademark and copyright law, the DMCA, etc as blunt instruments to bulldoze small players - the ToysRUs attack on the people running BondageToysRUs being merely the latest example to come to my attention.) There are a number of good technical reasons for down-marking NAT's, but they aren't as terminally serious as some people claim, looked at from a far-off stance. E.g. they do increase the fragility of the network, by moving state away from the endpoints. However, the pure end-end model (where all the intelligence is in the endpoints, and everything in the middle is dumb as a post) is too simple for today's network anyway - security alone demands that we be able to move some functionality to a site border router, or some such. And in practise, the fragility of my NAT box is far less than the fragility of the routing - something that nobody seems to be anything like as greatly exercised by. So I discount that one. Etc, etc. All of which leads me to a simple conclusion: one big reason that you and any number of other people are upset about NAT's has nothing to do with their technical shortcomings. Rather, what gets people so aggravated is that they are killing off the preferred alternative. 
About which, let me also observe that that alternative is (in effect) a return to a misty golden age where IPvN was carried everywhere with no interference. Well, those days are gone forever. Noel
Re: Netmeeting - NAT issue
I think you missed the important point. It's not the NAT vendors, it's the ISPs. I'll grant that ISPs have something to do with it. But there is a shortage of IPv4 addresses, so it's not as if anybody can have as many as they want. And it's not the fact that people are selling NAT that I find objectionable, it's the fact that they are marketing them as a general purpose solution - misleading people about their applicability - rather than a stopgap measure. Keith
RE: Netmeeting - NAT issue
Noel Chiappa wrote: ... security alone demands that we be able to move some functionality to a site border router, or some such. Why does security demand an external border? Is that based on the assumption that the host is too stupid to protect itself? If it is based on having an app listening on a port with the intent of local use, but expecting a border device to protect that app from remote use (or abuse), is that the right deployment model? Is the lack of a clear IPv4 way to identify locality at the root of your claim? Tony
Re: Netmeeting - NAT issue
Oh, piffle. NAT's don't harm the Internet, any more than a host of other things: the fact that other things do harm doesn't mean that NATs don't also do harm, or that the harm done by NAT is somehow lessened or excused. and IMHO most of the other things you mentioned do less harm than NATs, though I agree there are a lot of folks out there who are getting away with screwing the net. All of which leads me to a simple conclusion: one big reason that you and any number of other people are upset about NAT's has nothing to do with their technical shortcomings. Rather, what gets people so aggravated is that they are killing off the preferred alternative. The reason I'm upset about NATs is that they make it difficult to build distributed and peer-to-peer apps, and they encourage a model where the net is centrally controlled (not by a single center, but by a relatively small number of providers who control the center). I didn't get seriously interested in IPv6 until I realized that they were the most likely viable solution to the NAT problem. In hindsight I would have done IPv6 somewhat differently. But it's possible to start IPv6, make applications work with it, and maybe fix a few things about v6 along the way as people learn more about its shortcomings. NATs, on the other hand, are completely intractable. e.g. even if you can come up with a better solution to the firewall access problem (and I think that's possible, though we're nowhere close to that now), as long as you have NATs you're still stuck with the problems inherent in a partitioned address space. Keith
Re: Netmeeting - NAT issue
Keith; I think you missed the important point. It's not the NAT vendors, it's the ISPs. I'll grant that ISPs have something to do with it. But there is a shortage of IPv4 addresses, so it's not as if anybody can have as many as they want. Wrong. There actually is no shortage of IPv4 addresses. The primary reason of why NAT is so popular is that NICs do not offer IPv4 addresses promptly, because NICs feared shortage of IPv4 addresses. The wrong policy on IPv4 address assignment made NAT profitable. Masataka Ohta
I don't want to be facing 8-bit bugs in 2013
Paul Robinson writes: You tell him that although it's gobbledygook to people without greek alphabet support, it will still work. It's not convenient, but it WILL work. Guaranteed. False. IDNA does _not_ work. IDNA causes interoperability failures. Mail will bounce, for example, in situations where ASCII domain names would have worked fine. IDNA coauthor Adam Costello has admitted this. And that maybe replacing the DNS resolver on all the machines out there to be able to do lookups with PunyCode might be a TAD more realistic than trying to get EVERYTHING, EVERYWHERE to be good with 8-bit? Here you are assuming that the only problem is the DNS resolver---that the conversion between the local character encoding and the IDNA character encoding can be handled entirely by the DNS resolver. That assumption is false. Consider, for example, an MTA configured to accept mail for pi.cr.yp.to, with a Greek pi. The MTA compares the incoming domain name to pi.cr.yp.to. That doesn't involve the resolver. People who say that IDN is purely a DNS issue are confused. Making every piece of software and display device that might ever have to deal with IDNs capable of handling UTF-8? Here you're being simultaneously inconsistent and shortsighted. Fixing bad displays is part of the cost of IDNs. In the context of UTF-8, you agree with me that this is a cost; in the context of IDNA, you ignore the cost completely. In fact, the cost of fixing UTF-8 displays is much _smaller_ than the cost of fixing IDNA displays. UTF-8 has been around for many years, has built up incredible momentum (as illustrated by RFC 2277), and already works in a huge number of programs. The extra programs hurt by IDNA aren't just UTF-8-aware clients. Fixing the IDNA display failures also means changing web servers, mail servers, DNS servers, etc., so that the sysadmin can put a properly displayed IDN into his server configuration files. Think about the above pi.cr.yp.to example again. 
The solutions you do offer will take at least 4 years IMHO to be effective Let's suppose 4 years is right, and let's compare the results to IDNA after 4 years. IDNC3 requires 8-bit fixes to some widely deployed programs, certainly. But IDNA needs _much larger_ changes in _many more_ programs. So, after the same 4 years, only a fraction of the IDNA work will be done. IDNA will still have an incredible number of display failures, plus the interoperability failures and all the other IDNA problems. Even worse, IDNA doesn't do _anything_ to fix the other half of the email problem. Do you seriously believe that Chinese users will be satisfied with email addresses where the domain part can contain Chinese characters but the box part is still required to be ASCII? It's obvious how to fix this with UTF-8; how, pray tell, do we fix it with IDNA? I presume that you're not one of the 7-bit-forever crackpots. How do you propose migrating from IDNA to UTF-8? This is much more costly than moving directly to UTF-8, because it needs a compatibility period during which everyone supports two different encodings of the same character. Doesn't it bother you that the IDNA documents don't discuss this at all? What makes your position particularly shameful is the fact that people proposed requiring 8-bit transparency _eleven years ago_. If it hadn't been for Paul Vixie et al. making your ``it'll take years!'' argument back then, we would have had 8-bit transparency today. Do you want to be facing the same stupid bugs in another eleven years? Until then, he has to get a 'normal' domain to see himself over. Correct. Your example Greek user has an ASCII domain name that's always displayed with an ASCII d instead of the truly desirable Greek delta. Now, please explain why the same user should prefer a domain name that's _occasionally_ displayed with the desired delta but _usually_ displayed as incomprehensible gobbledygook. 
Your answer, of course, will be something like this: ``The gobbledygook is a temporary problem. In twenty years, after the massive IDNA upgrade is complete, everyone will see a delta!'' In short, you're looking at the long-term IDNA benefits (never mind the interoperability failures and all the other problems) but refusing to look at the long-term UTF-8 benefits. Inconsistent once again. Something should be done, but your document makes you look like a typical whiner - you point out all the problems, but offer no solutions to some of the problems you raise. False. http://cr.yp.to/proto/idnc3.html explains how IDNC3 offers solutions to every one of the IDNA problems that it points out:
* interoperability failures;
* inconsistent displays of the same name;
* unnecessary implementation and deployment costs;
* multiple semantically similar names;
* identical displays of different names; and
* typing failures.
Each solution is listed right next to the problem, so I can't imagine how you missed this. What you are proposing IS
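The MTA case raised in the message above, as an added illustration that is not part of the original post or of any project it mentions: a mail server deciding whether a recipient domain is local never calls the resolver, so a name arriving in ACE (`xn--`) form and the same name stored in UTF-8 only match if the application canonicalizes both. The config list and function names are hypothetical, and the recipient values are constructed.

```python
# Added illustration (not from the thread): local-domain matching in a mail
# server happens outside the resolver. Config and recipient values are constructed.

LOCAL_DOMAINS = ["π.cr.yp.to"]  # hypothetical config entry, typed by the sysadmin in UTF-8


def naive_is_local(rcpt_domain: bytes, config=LOCAL_DOMAINS) -> bool:
    """Byte-for-byte comparison against the config file, as a legacy MTA would do."""
    return rcpt_domain.lower() in {d.encode("utf-8") for d in config}


def canonical(domain: bytes) -> str:
    """Map either wire form (UTF-8 or ACE) to one lowercase ACE string.

    Uses Python's built-in "idna" codec (IDNA 2003: nameprep + Punycode).
    Raises UnicodeError on invalid UTF-8 or on labels the codec rejects.
    """
    return domain.decode("utf-8").encode("idna").decode("ascii").lower()


def is_local(rcpt_domain: bytes, config=LOCAL_DOMAINS) -> bool:
    """Compare canonical forms; a name that cannot be canonicalized is not local."""
    try:
        wanted = {canonical(d.encode("utf-8")) for d in config}
        return canonical(rcpt_domain) in wanted
    except UnicodeError:
        return False


if __name__ == "__main__":
    for wire in ("π.cr.yp.to".encode("utf-8"), b"xn--1xa.cr.yp.to", b"pi.cr.yp.to"):
        print(wire, "naive:", naive_is_local(wire), "canonical:", is_local(wire))
```

The naive check accepts only the encoding the administrator happened to type, which is the bounce scenario the message describes; the canonical check has to be added to every program that compares names, not just to the resolver.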
Re: Netmeeting - NAT issue
On Tue, 19 Mar 2002 19:01:14 PST, Tony Hain [EMAIL PROTECTED] said: Why does security demand an external border? Is that based on the assumption that the host is too stupid to protect itself? If it is based Yes. The host may be too stupid to protect itself - read Bugtraq or other similar lists for the gory details. In addition, an external border is useful as a checks-and-balances, for the same sort of reasons why the person balancing your company's books shouldn't be the guy writing the checks, or having Customs inspectors at the border crossing - what percent of the people on international flights understand the rules about carrying live biologicals (both animal and vegetable) for any country they may be visiting? -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Re: I don't want to be facing 8-bit bugs in 2013
D. J. Bernstein; Paul Robinson writes: You tell him that although it's gobbledygook to people without greek alphabet support, it will still work. It's not convenient, but it WILL work. Guaranteed. False. IDNA does _not_ work. IDNA causes interoperability failures. IDNA does _not_ work, because Unicode does not work in International context. People who say that IDN is purely a DNS issue are confused. It's purely a cultural issue. In fact, the cost of fixing UTF-8 displays is much _smaller_ than the cost of fixing IDNA displays. UTF-8 has been around for many years, has built up incredible momentum (as illustrated by RFC 2277), and already works in a huge number of programs. In international context, it is technically impossible to properly display Unicode characters. No implementation exists. While some implementations work in some localized context, local character set serves better for the context. Masataka Ohta
Moderation and such
Hi. One or two of the messages I've sent out haven't received a single reply (which is strange, considering there's always some person who disagrees with you). How is this list moderated? Is it at all? What's ok and what gets filtered out? -- Thor
Re: I don't want to be facing 8-bit bugs in 2013
Date: Wed, 20 Mar 2002 14:32:41 +0859 ()
From: Masataka Ohta [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]

| IDNA does _not_ work, because Unicode does not work in International
| context.

This argument is bogus, and always has been. If (and where) unicode is defective, the right thing to do is to fix unicode. That is, it isn't the principle of a single encoding of all characters that anyone is objecting to here, it is that some specific characters have been implemented incorrectly (merged with others) as I understand it. I'm not competent to decide how important this problem is, and this is not the forum to debate it anyway (so please don't reply just to tell me how significant the problem is, nor why). Do that with whoever maintains unicode. If you can't get enough of the unicode experts to agree that there's a problem that needs fixing, then by definition, there isn't. That's just the same way as the IETF works (whether the unicode group actually work this way or not - if not, they should...) - that a few people believe something is broken is irrelevant if they can't demonstrate that well enough to sway others to agree with them. So, stop arguing against unicode (10646) - just fix any problems it has. kre