On 06/04/2015 01:16 PM, Christopher Morrow wrote:
> On Thu, Jun 4, 2015 at 5:11 AM, Owen DeLong <owen@delong.com> wrote:
>> I’d argue that SSH is several thousand, not a few hundred. In any case, I suppose you can make the argument that only a few people are trying to access their home network resources remotely other than via some sort of proxy/rendezvous service. However, I would argue that such services exist solely to provide a workaround for the deficiencies in the network introduced by NAT. Get rid of the stupid NAT and you no longer need such services.
>
> This is an interesting argument/point, but if you remove the rendezvous service then how do you find the thing in your house? Now the user has to manage DNS, or the service in question has to manage a DNS entry for the customer, right?

A large part of my heartburn with this is the proliferation of unidentified rendezvous services with no hint of SLA or anything that are burned in to things like door locks, thermostats, washing machines, etc etc. (also no hint of where and even what country has the rendezvous in question...)

Once I've equipped my house with IoT devices, there will be a bunch (hundred?) outbound connections to different rendezvous services. Nothing in the box or literature identifies the server(s) in question either. (and likely most of them don't even use https.)

You want your door lock and thermostat to effectively publish when you are away for a couple of weeks, onto someone else's unidentified server? At least dns rendezvous allow endpoint security if the manufacturer even thinks about that...
-- Pete ....