ietf

Re: ideas getting shot down

2007-09-20 21:35:40
On Wed, Sep 19, 2007 at 12:08:38PM -0400, Keith Moore wrote:
Paul Vixie wrote:
yes, but do you think that was because that ietf was powerless to
stop [NAT], or because that ietf was willing to let consenting
adults try out new ideas?  i was there, and from what i saw, it was
the former.
  
IETF has very little power, if you can call it that.  IETF can try to
suggest good ways of doing things quickly enough that the good ways get
adopted before bad ways do, or it can recommend against bad ways of
doing things.  The former is much more effective.  It pretty much failed
to do either in the case of NAT.  I remember a lot of concern being
expressed, but a strong reluctance to make any statement - perhaps due
to lack of consensus about how bad NATs were and what, if anything,
could be proposed as a better way.

FWIW, I think NAT would have happened, IETF or no.  There were people
who needed a solution, and had the money to pay for it, and there were
people who could provide the solution, and were willing to do the work.
It raises the question of whether there are circumstances where it's
reasonable to bend the end-to-end principle, such as when there is a
large "user" community that wants inexpensive Internet access (but is
willing to live without IP access).

the underlying problem was that people in the field didn't want universality
among endpoints, either for security or policy reasons, and people in that
ietf wanted universality among endpoints -- a single addressing system and
a single connectivity realm.  that ietf said, you don't really want that,
you should use the internet as it was intended, and solve the problems
you're having in some way that preserves universality of endpoints.  the
field said, you are completely out of your minds, we're going to ignore
ietf now.  then later on, ietf said, if you're going to do it, then we
ought to help you with some standards support.
  
That's not quite how I remember it from my POV.  Some people were very
concerned about ambiguous addressing.  I don't think universal
connectivity was as big a concern - it's not like IETF people expected
everyone to run open networks.   But mostly there was a lot of unease
and uncertainty about NATs.  Very little analysis was done.  And I don't
think that NAPTs were initially seen as the normal case.

I remember such arguments.  I also remember an argument that NATs were
being marketed as security devices, when in fact they did not provide
the actual level of security implied.  RFC 3724 bears this out.

which is why i'm proposing a standard of "demonstrable immediate harm"
rather than the current system of "that's not how you should do it" or
"that's not how i would do it".
  
That's the wrong standard, it sets the bar way too low.  IETF shouldn't
endorse anything unless it has justification to believe it is good; IETF
should not discourage anything unless it has justification to believe it
is bad.   And that justification should come from engineering analysis
(or measurement, if it's feasible).  Sadly, a lot of people in IETF do
not have engineering backgrounds and don't understand how to do such
analysis.  This is something we need to change in our culture.

Based on some recent experiences, this type of analysis is not as
valued in the industry as it used to be.  It's much more valued to be
a crack programmer; someone who can rapidly deploy something that can
be quickly brought to market.  At least in the current economic
climate, I don't think there is much that can be done to change this.
Another issue is that the networking industry in general is losing
people to other disciplines, such as gaming, virtualization, and
Internet search, not to mention careers outside of the computer
industry.

--gregbo
