Jack Bates wrote:
I fully expect malicious code and even users to disable the handshake. That's fine. If a user happens to become infected, then they can be suspended or transferred to *must* perform handshake.
Not everyone uses antivirus software. Not everyone will patch the security holes in their current software. Many would object to having to perform patches and delay their Internet surfing. Yet with such a protocol, a way could be provided for allowing a user to establish a connection which only allows them to fix their system without the outside world able to attack them and vice versa. Once patched, the system would recognize them as patched and allow full IP connectivity.
Imagine how nice it would be if someone buying an XP machine this morning could actually connect to the Internet, patch their system, and be able to use the Internet without ever having their RPC exploited. If a user is infected with a virus, wouldn't it be nice if they could purchase A/V software and then be able to perform updates and clean their system without causing any harm to the network?
I would like to see such functionality to be used for good purposes like you provide. However, since the world has its share of people who block ICMP because it's all evil and break PMTU and other similar things, this technology should be deployed with caution to avoid collateral damage. Who picks up the bill if a Windows machine across a DSL line gets infected, you apply filters to the connection and subsequently block the E911 VoIP call from the same subnet?

Pete