
In a message written on Sat, Oct 18, 2003 at 07:39:37AM -0700, bmanning@karoshi.com wrote:
> why the heck does the IAB think they should tell me how to run my network?
I think the IAB has a legitimate point. Network operators rely today on the fact that different services use different ports, so they can block particular types of access/behavior by blocking ports.

However, this behavior has already started to change how applications work. We've all seen the streaming media clients, or IM programs, that will use port 80 to get past a firewall, even though they are not HTTP traffic. Virus writers have done the same thing. New VPN technologies use SSL, on the SSL web server port, but then send IP packets over them, not web requests.

There is a real danger that long-term continued blocking will lead to "everything on one port" (probably 80). This will have the end result that ISPs will be unable to filter out the bad traffic anymore by using a port-based filter, nor will they be able to collect statistics or other usage data. Additionally, this moves the problem up the stack: if everything runs on port 80, some "intelligent" demuxer will be needed at a higher layer for a box that wants to run multiple services.

I'm not saying ISPs shouldn't filter, but the long-term filtering is a problem. It will cause application developers to do things that will make long-term filtering not work, in the end.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
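As an added illustration of the "everything on port 80" problem described above (example code, not part of the original post): a toy higher-layer demuxer that classifies a flow by its first payload bytes instead of its port, run over constructed sample flows. The sample payloads, the `EXPECTED` port-to-protocol table and the simplified HTTP/TLS fingerprints are assumptions made for the example.

```python
# Toy layer-7 demuxer: shows why a port-number rule stops discriminating once
# unrelated protocols share port 80, and what an inspection-based check looks at.
from typing import NamedTuple

class Flow(NamedTuple):
    dst_port: int
    payload: bytes   # first bytes the client sent (constructed samples below)

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
# Protocol each port is *supposed* to carry; a port-only filter assumes this holds.
EXPECTED = {80: "http", 443: "tls"}

def classify_payload(data: bytes) -> str:
    """Guess the application protocol from the first bytes, ignoring the port."""
    request_line = data.split(b"\r\n", 1)[0]
    if data.startswith(HTTP_METHODS) and b" HTTP/1." in request_line:
        return "http"
    # TLS record header: type 0x16 (handshake), version 0x03 0x0x, 2-byte length,
    # then a handshake message of type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    return "unknown"

def port_verdict(flow: Flow) -> str:
    """Classic port filter: anything to 80/443 passes, regardless of content."""
    return "allow" if flow.dst_port in EXPECTED else "block"

def payload_verdict(flow: Flow) -> str:
    """Content-aware filter: pass only if the payload matches what the port is for."""
    return "allow" if classify_payload(flow.payload) == EXPECTED.get(flow.dst_port) else "flag"

# Constructed sample flows; a port-80 rule treats the first three identically.
SAMPLE_FLOWS = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),    # real web traffic
    Flow(80, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + b"\x00" * 32),  # SSL VPN on port 80
    Flow(80, b"\x00\x00\x00\x1a\x00\x00\x00\x01\xde\xad\xbe\xef"),              # IM client on port 80
    Flow(8080, b"GET / HTTP/1.0\r\n\r\n"),                                        # HTTP on a non-80 port
]

def compare(flows):
    """Return (port_verdict, payload_verdict) per flow so the two policies can be compared."""
    return [(port_verdict(f), payload_verdict(f)) for f in flows]

if __name__ == "__main__":
    for f, (p, c) in zip(SAMPLE_FLOWS, compare(SAMPLE_FLOWS)):
        print(f"port {f.dst_port:5d}  looks like {classify_payload(f.payload):8s}"
              f"  port-filter={p:5s}  payload-filter={c}")
```

The port filter answers "allow" for all three port-80 flows, while the payload check only passes the one that is actually HTTP; a real demuxer would need far more robust protocol identification than these two fingerprints.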