Re: Why?

On Tue, Mar 15, 2005 at 07:37:29AM -0500, Keith Moore wrote:

I'm not sure they're the same people in both cases.  but here's a 
litmus test - if there's not a token for any host A that host B can 
hand to host C at some arbitrary location in the network and have C use 
that token to quickly and reliably establish a connection to A (modulo 
access control) then the architecture is dysfunctional.  or to put it 
another way - if DNS or a similar name-to-locator (or 
name-to-identifier+locator) translation mechanism requires special 
knowledge to make it work, that isn't available to "ordinary" apps, the 
architecture is dysfunctional.


While I would agree with you, I think that horse has left then barn so
long ago that the door has rotted and fallen apart.  Just to give one
example beyond that of NAT's and RFC 1918 addresses --- consider
internal/external split DNS arrangements.  They are occasionally used
as a hack to get around the problem that we don't have a reliable
(location-specific) service location service that all applications can
be trusted to use.  (I.e., when you are attached to the home network,
use this set of MX records, but if your laptop is connected to the
IETF conference wireless network, use this *other* set of MX records.)
So given that the only tool network administrators have is the DNS,
there are tools which effectively use internal DNS views as a crowbar
to effectively turn (some) URL's into URN's.

It's ugly, and gross, and everyone who uses such a hack should be
ashamed --- including myself, since I found it was easier to use an
hacked split DNS setup for my home network instead of going around and
changing all of the applications I cared about.  

Does that mean that the Internet Architecture is dysfunctional?
Perhaps, but then again, I'm beginning to have a lot more sympathy
with the point of view that we all come from dysfunctional familieis;
the only question is how dysfunctional.

The real problem though is that because of limitations in the Internet
architecture that have been with us for decades --- and this goes
beyond whether or not addresses are 4 bytes or 8 bytes or 16 bytes,
and whether we have a host identifier and routing component in the
address --- we have this huge installed base of applications,
conceptual maps of how to solve problems in network administrators,
security policies at corporations that effectively dictate things like
NAT's, private address spaces, and split DNS setups, which is
extremely hard to overcome.  And we really expected IPv6, which after
all really only increased the number of addressing bits, to address
all of these issues?  How much like an engineering organization....

                                                - Ted

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Why?, (continued) RE: Why?, Michel Py Re: Why?, Noel Chiappa Re: Why?, JFC (Jefsey) Morfin Re: Why?, Keith Moore RE: Why?, Michel Py Re: Why?, Brian E Carpenter Re: FW: Why?, JFC (Jefsey) Morfin Re: FW: Why?, Juergen Schoenwaelder Re: Why?, Noel Chiappa Re: Why?, Keith Moore Re: Why?, Theodore Ts'o <= Re: Why?, Keith Moore Re: Why?, Brian E Carpenter RE: FW: Why?, Pyda Srisuresh RE: FW: Why?, Tony Hain Re: Why?, David R Oran RE: Why?, Michel Py Re: Why?, Noel Chiappa Re: Why?, Keith Moore RE: FW: Why?, Noel Chiappa