
RE: [BEHAVE] Lack of need for 66nat : Long term impact to application developers

2008-11-26 12:27:44
 
Keith More writes:

I don't think so in either case.  The reason I don't think so is that I
suspect the NAT traversal problem is really a firewall traversal problem
in disguise.


Absolutely, and that is why there needs to be a permissions system that allows 
effective decisions to be made without the need for human administrative 
decisions on a case by case basis.
 
I described one way of doing this in my book. Devices need to authenticate 
themselves to the network and they need to be able to specify the precise range 
of services they offer and require.
 

If you plug a Playstation into the home network, the network security policy 
should be something like:

* The Playstation has unrestricted access to the Internet, including the 
ability to open inbound ports in the range xxx-yyy and make outbound 
connections to such

* The Playstation can report status via SNMP and hook into the backup sub-system

* The Playstation cannot route packets to any other device on the network under 
any circumstances.


I do not want to run the Playstation with unrestricted network access. I 
certainly do not want it sending or receiving SMTP mail. 
 
This is not just a protocol design issue, it is a platform architecture issue. 
I see the future as being a mixture of single purpose devices that have a 
specific function and can be safely granted highly restricted access with few 
worries and more complex multi-function platforms (computers, mobiles) that 
serve multiple functions and require partitioning enforced at the kernel level.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
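
The per-device policy listed in the message above, written as a default-deny flow check. This is an added example, not code from the post or from the author's book. The addresses, the inbound range standing in for "xxx-yyy", the backup port, the use of SNMP traps and polls for status reporting, and the reading of "SMTP mail" as TCP port 25 are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Every value below is a constructed placeholder, not taken from the post.
LAN = ip_network("192.168.1.0/24")
INBOUND_PORTS = range(40000, 40011)   # stands in for the post's "xxx-yyy"
SMTP_PORT = 25

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class DevicePolicy:
    device: str        # address bound to the authenticated device
    snmp_manager: str  # LAN host that collects status (assumed)
    backup_host: str   # LAN host running the backup sub-system (assumed)
    backup_port: int

    def allows(self, flow: Flow) -> bool:
        src, dst, dev = (ip_address(a) for a in (flow.src, flow.dst, self.device))
        service = (flow.proto, flow.dport)
        if src == dev and dst in LAN:
            # Lateral traffic: only the two declared LAN services.
            declared = {
                (ip_address(self.snmp_manager), ("udp", 162)),   # SNMP traps
                (ip_address(self.backup_host), ("tcp", self.backup_port)),
            }
            return (dst, service) in declared
        if src == dev:
            # Internet-bound: open, except mail delivery on TCP 25.
            return service != ("tcp", SMTP_PORT)
        if dst == dev and src in LAN:
            # From the LAN: only the manager polling SNMP.
            return src == ip_address(self.snmp_manager) and service == ("udp", 161)
        if dst == dev:
            # From the Internet: only the declared inbound range.
            return flow.proto in ("tcp", "udp") and flow.dport in INBOUND_PORTS
        return False  # not this device's flow: default deny, no forwarding

PS = DevicePolicy("192.168.1.50", "192.168.1.2", "192.168.1.3", 8730)
```
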