
RE: draft-ietf-v6ops-natpt-to-historic-00.txt

2007-07-02 13:45:51
Without going down the rathole, it was my lack of success in persuading people 
not to deploy active content that makes me extremely concerned about making 
'NAT is evil' pronouncements.

Default Deny is intended to mitigate some of the effects of malware, however. 
Traditionally the attitude has been that any compromise of the host means 'game 
over'. Today we recognize that this is simply not the case. We may not be able 
to stop the bad guys from emptying your bank account but we can certainly 
reduce the criminals' ability to use that compromised machine to attack other 
machines in the network.

It makes a huge difference to the banks I work for if the cost of maintaining a 
bot is $1/month or $10 or $100. The lower the profits the criminals make the 
fewer criminals we have to deal with.



From: Noel Chiappa [mailto:jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu] 
Sent: Monday, July 02, 2007 3:08 PM
To: ietf(_at_)ietf(_dot_)org
Cc: jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu
Subject: RE: draft-ietf-v6ops-natpt-to-historic-00.txt

    > From: Christian Huitema <huitema(_at_)windows(_dot_)microsoft(_dot_)com>

    > the IETF evolved from an informal gathering where engineers will
    > agree on how to do things, to a reactive body that mostly aims at
    > controlling evolution of the Internet. Is that really what we want?

I'm glad you used the word "aims to control", because in 
reality the IETF has very little control of what happens. But 
still these arguments go on, about stuff like NATs and IPv6.


Meanwhile, according to a study by people from Google which 
looked at a random sample of about a million web pages, *at 
least one in 10* web pages are booby-trapped with malware 
(defined as "contain[ing] scripts to install malicious code, 
such as Trojans and spyware") - and I won't even get into how 
people have discovered how to put viruses in not just Word 
files, but also QuickTime movies, PDF files, etc, etc.

(I am utterly disgusted that my profession rushed to deploy 
active content, when it should have been obvious that it was 
a giant raft of security problems just waiting to happen, but 
let's not go down that rathole.)

Anyway, for the average ordinary-person network user, they 
now have a good chance of having their computer taken over 
while simply browsing the web (even on sites one would think 
are OK like eBay, YouTube, and MySpace), thereby subjecting 
themselves to losing credit card or bank account data, or 
even identity theft.


Needless to say, for the average person, this is one heck of 
a lot more important than stuff like NAT and IPv6, and if it 
gets much worse, people are going to start bailing out.

But the IETF can't do anything to fix that, either.

The IETF needs to get a grip.

      Noel

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

