Hi Bob;-)... And all;-)...

At 12:17 -0700 6/18/03, Bob Braden wrote:
> *> Keith wrote:
> *> > If you want to address denial of service issues you need protocol
> *> > enforcement points.
> *>
> *> NAT is a denial of service attack, not a means of policy enforcement.
> *>
>
>Keith,
>
>I think it would be more accurate to say that a NAT contravenes
>the basic Internet principle of universal connectivity.
>
>Since 1980 we have believed that universal connectivity was one of the
>great achievements of the Internet design. Today, one must
>unfortunately question whether universal connectivity can be sustained
>(or is even the right goal) in a networking environment without
>universal trust. Maybe NATs are, in fact, a result of a very deep
>problem with our architecture. If you accept that, then there is no
>point in attacking NATs until you can propose a better architectural
>solution to the trust problem (hopefully, there will be one!)
>
>Bob Braden

Here! Here! Exactly -- Trust in all the people on the net all the time failed with the well received demise of the NSF AUP (1994) and the fact that misbehavior then no longer threatened loss of Internet access privileges.

This was not widely recognized as a possible at the time, much like the fact that the Internet has no center and hence has no place to locate a "Central Control Center" which is another contributor to the loss of trust, and which prohibits solving the trust problem with centralized enforcement of rules of trust, if any such rules might possibly exist.

This of course is one reason why PKIX is not able to deliver public trust, because PKIX requires a single Central Control Center to enforce rules of trust (whatever those rules might be), and we have already discussed how it is that PKIX CA's suffer from lack of trust induction among their users.

So, one fundamental issue in this whole situation is that the basic "Internet Operational Model" that underlies these aspects being discussed here is not a realistic model for situations with no available "Center".

I model the Internet more accurately with our present International Economy, where again, there is NO CENTER, and thus no place to locate a control center for that economy. The decisions that drive the economy depend on interpersonal trust which is developed via multiple channels of information flow derived from many different communication paths. Trust is only derived from accumulated information obtained from multiple channels of information flow.

In the U.S. there is no central control for the National Economy. And, I have been saying for years that pretty much every one that ever had a centrally controlled Economy, by now wishes they did not have one. Even China is working its way as carefully as possible to become a free economy, trying to avoid the collapse that Russia experienced during such a period of change. The Internet did it like Russia did it, without understanding that it was happening and not dealing with the need for new trust induction tools and processes.

So, I think all of you out there will agree that we do not want a return to a centrally controlled Internet, even if we could have one, so let's stop pretending that such a thing can exist, and start working on ways to induce trust among ourselves for all of our own private reasons to have trust among us in this "uncontrolled space".

Many hark back to the good old days of the trusted users of the ARPAnet, but those days are long gone, when we all had to worry about losing our access privileges. I very well recall my efforts to retain my privileges over those years of serving as an independent consultant with no permanent sponsor! Serving as the "Moderator" of MsgGroup for 11 years from 1975-1986 helped to carry me along until 1987 when NSFnet made it easier for me to manage.

From my management consulting experience along the way, I strongly recommend that we learn to live together in our "open information economy" and avoid attempts to apply central controls to build mutual trust.

The Internet is an Internetwork of Internets. It is not a network! To repeat, it has no center, and further, does not even have any edges. It is just a manifold of information transit pipes, each of which can be made to communicate with any other transmission pipe, by taking appropriate actions, without permission from any central governing agency! Not even ICANNic.

Cheers...\Stef;-)...