Re: NATs as firewalls

On Mar 9, 2007, at 10:17 PM, David Morris wrote:

> In the low end bandwidth space I play, an extra 192 bits on every packet is significant to end user performance. As others have noted, it seems like the fairly effective anti-spam technique of associating reputations with network addresses will be stressed by exploding the number of addresses ... stressed because the originators of spam will be able to be more agile and because the memory and CPU required to track such reputations explodes.
>
> Perhaps by the time IPV4 scarcity is a critical economic issue, the continuing trend of cheaper faster last mile internet connectivity as well as server system capability cost reductions will converge... or perhaps some combination of legal and technical solutions will push spam into the noise level. Etc.

Unwanted traffic will likely become much worse. DKIM is an example of how it took years to define a domain-specific cryptographic signature for email. Although defining a signing policy remains, it is doubtful the results will prove practical at controlling cryptographic replay abuse in a diverse network landscape. Where a responsible signer might rate-limit account holders or exclude bad actors, some means is still needed to authorize transmitters to determine whether an assumption of control is still valid. DKIM has no safe provision to authorize transmitters unless within the domain of the signer. It seems unreasonable, when considering how diverse an IPv4/IPv6 landscape will become, to then expect all related network providers will obtain a zone from each of their customers' domains and configure it for each of the protocols. That constraint represents an administrative nightmare.

DKIM can be adjusted, but can this be done within a suitable timeframe? Without a name-to-name authorization scheme, controlling abuse will remain by the IP address. When those addresses happen to be gateways into IPv4 space operating as giant NATs, the collateral impacts will make today's problems seem like the good old days. Retaining an open system of communication may then become untenable, and that would be a shame.

-Doug



