On Fri, 25 Oct 2002, Paul Vixie wrote:
Not only that, but unless _everyone_ implements 2 and/or 3, all the bad people that exploit the things these are meant to protect will migrate to the networks that lack these measures, mitigating the benefits.
not just the bad people. all the people. a network with 2 or 3 in place is useless. there is no way to make 2 or 3 happen.
AOL? I believe they proxy almost all their subscribers through several large datacenters, and don't allow users to run their own servers. @Home prohibited customer servers on their network, blocked several ports, and proxied several services. Its common for ISPs outside of the US to force their customers to use the ISP's web proxy server, even hijacking connections which attempt to bypass it. As part of their anti-spam efforts, several providers block SMTP port 25, and force their subscribers to only use that provider's SMTP relay/proxy to send mail. Why not extend those same restrictions to other (all) protocols? Many corporate networks already proxy all their user's traffic, and prohibit direct connections through the corporate firewalls. I think its a bad idea, but techincally I have a hard time saying its technically impossible.