On 8/1/24 15:28, John Levine wrote:
At the risk of ocean boiling, there are a lot of internets that are not the Internet, and often they are more like the early Internet: the operator knows who all the users are, none of them are likely to be hostile, and the computing resources are severely limited. It would be interesting, albeit a lot of work, to look at our protocols and see how many remain appropriate for that kind of environment even if no longer for the modern hostile Internet.
I agree that there are a lot of IP-based networks that aren't the Internet, but I don't know how much they're like the early Internet.
Few of these networks, for example, are completely disconnected
from the public Internet, and which are assured to have no
connections to unauthorized hosts, unless perhaps their operators
take extraordinary measures. (I know of factory environments,
for example, that have active monitoring of frequency used for
WiFi, so that if anyone hooks up a wireless access point to their
network, they know immediately, and people show up to shut it down
immediately.)
So I think the exercise would be extremely useful, but we need to
be careful about how we define "that kind of environment."
I've lost count of the number of people I've helped develop
network-accessible products for, who said something like "we don't
have to worry about outside threats, because everything will be
behind a NAT." Wrong.
These days you can't even assume that keeping the WiFi password
secret is sufficient to keep hosts from communicating wirelessly -
many hosts can communicate wirelessly with other hosts without any
kind of authorization.
Keith
