--On 17 February 2004 12:17 -0800 Tony Hain <alh-ietf@tndh.net> wrote: [with apologies for rearrangement]
The Internet has value because it allows arbitrary interactions where new applications can be developed and fostered. The centrally controlled model would have prevented IM, web, sip applications, etc. from ever being deployed. If there are any operators out there who still understand the value in allowing the next generation of applications to incubate, you need to push back on this tendency to limit the Internet to an 'approved' list of ports and service models. ... Seriously, filtering is about attempting to prevent the customer from using their target application. Central registration is no better, as its only purpose is exercising power through extortion of additional funds for 'allowing' that application.
Quite right in general. However

a) Some forms of filtering, which do occasionally prevent the customer from using their target application, are in general good, as the operational (see, on topic) impact of *not* applying tends to be worse than the disruption of applying them. Examples: source IP filtering on ingress, BGP route filtering. Both of these are known to break harmless applications. I would suggest both are good things.

b) The real problem here is that there are TWO problems which interact. It is a specific case of the following general problem:

* A desire for any to any end to end connectivity using the protocol concerned => filter free internet
* No authentication scheme

Applying filters based on IP address & protocol (whether it's by filtering or RBL) is in effect attempting to do authentication by IP address. We know this is not a good model. People do, however, use it because there currently is no realistic widely deployed alternative available. Those that are currently available (e.g. SPF) are not widely deployed, and in any case are far from perfect. Whilst we have no hammer, people will keep using the screwdriver to drive in nails, and who can blame them?

Alex