margaret(_at_)thingmagic(_dot_)com (Margaret Wasserman) wrote on 23.11.04 in
<p0602041fbdc8cdee09b3(_at_)[192(_dot_)168(_dot_)2(_dot_)2]>:
> The average Internet user (home user or enterprise administrator)
> does not care about the end-to-end principle or the architectural
> purity of the Internet.

Maybe not the average user, but a pretty large subset *does* care - because
it makes it extremely hard to do what they want: to make a connection to
their small business network (behind a dynamic IP) from somewhere else
(also behind a dynamic IP).
It's possible (using one of a large number of dynamic DNS providers), but
it is neither obvious nor trivial - in fact, it is hard for them to
understand even what the problem is.
I just yesterday talked someone through this - a (small) business net
admin wanting to access that net from home. This was someone who does
database programming and at least sometimes creates networks for
customers. And he *still* had a hard time with the consequences of dynamic
IP and NAT.
No, it's not the majority - but yes, it *is* a pretty significant subset.
You don't need to be all that far apart from average to bloody your nose
on this.

> (2) One-way connectivity could be provided via stateful firewalls
> instead of via NAT.

You don't need all that much state for most of the protection. Just
looking at TCP SYN does cover about 75% of the problem, I'd say, and
that's completely stateless. (Not to say that the other 25% aren't
important.)
MfG Kai
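
The stateless SYN check mentioned in the message above, as an added example that is not part of the original post: it drops inbound TCP segments with SYN set and ACK clear, keeps no connection table, and shows which traffic that rule alone lets through. The packet builders, addresses and ports are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
TCP, UDP = 6, 17

def ipv4(proto, payload):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([198, 51, 100, 7]),
                       bytes([192, 168, 2, 2])) + payload

def tcp(flags, dport=22):
    """Constructed sample: 20-byte TCP header carrying only the given flags."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)

def inbound_verdict(packet):
    """Judge one inbound IPv4 packet with no connection table at all."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                       # not parseable as IPv4
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != TCP or frag_offset != 0:
        return "pass"                       # no TCP flags here to inspect
    if ihl < 20 or len(packet) < ihl + 14:
        return "drop"                       # TCP header cut off before the flags byte
    flags = packet[ihl + 13]
    # A connection attempt is SYN without ACK; everything else is let through.
    return "drop" if flags & SYN and not flags & ACK else "pass"

def classify_samples():
    samples = {
        "new inbound connection (SYN)": ipv4(TCP, tcp(SYN)),
        "reply to outbound connection (SYN+ACK)": ipv4(TCP, tcp(SYN | ACK)),
        "segment of established connection (ACK)": ipv4(TCP, tcp(ACK)),
        "unsolicited segment with ACK set": ipv4(TCP, tcp(ACK, dport=445)),
        "unsolicited UDP datagram": ipv4(UDP, struct.pack("!HHHH", 40000, 53, 8, 0)),
    }
    return {name: inbound_verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{verdict:4}  {name}")
```

The last two samples pass because a filter without state cannot tell an unsolicited ACK segment from one belonging to an established connection, and UDP has no flag to test.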