RE: draft-ietf-v6ops-natpt-to-historic-00.txt

Without going down the rathole, it was my lack of success in persuading people not to deploy active content that makes me extremely concerned about making 'NAT is evil' pronouncements.

Default Deny is intended to mitigate some of the effects of malware, however. Traditionally the attitude has been that any compromise of the host means 'game over'. Today we recognize that this is simply not the case. We may not be able to stop the bad guys from emptying your bank account, but we can certainly reduce the criminals' ability to use that compromised machine to attack other machines in the network.

It makes a huge difference to the banks I work for if the cost of maintaining a bot is $1/month or $10 or $100. The lower the profits the criminals make, the fewer criminals we have to deal with.



> From: Noel Chiappa [mailto:jnc@xxxxxxxxxxxxxxxxxxx] 
> Sent: Monday, July 02, 2007 3:08 PM
> To: ietf@xxxxxxxx
> Cc: jnc@xxxxxxxxxxxxxxxxxxx
> Subject: RE: draft-ietf-v6ops-natpt-to-historic-00.txt
> 
>     > From: Christian Huitema <huitema@xxxxxxxxxxxxxxxxxxxxx>
> 
>     > the IETF evolved from an informal gathering where engineers will
>     > agree on how to do things, to a reactive body that mostly aims at
>     > controlling evolution of the Internet. Is that really what we want?
> 
> I'm glad you used the word "aims to control", because in 
> reality the IETF has very little control of what happens. But 
> still these arguments go on, about stuff like NATs and IPv6.
> 
> 
> Meanwhile, according to a study by people from Google which 
> looked at a random sample of about a million web pages, *at 
> least one in 10* web pages are booby-trapped with malware 
> (defined as "contain[ing] scripts to install malicious code, 
> such as Trojans and spyware") - and I won't even get into how 
> people have discovered how to put viruses in not just Word 
> files, but also QuickTime movies, PDF files, etc, etc.
> 
> (I am utterly disgusted that my profession rushed to deploy 
> active content, when it should have been obvious that it was 
> a giant raft of security problems just waiting to happen, but 
> let's not go down that rathole.)
> 
> Anyway, for the average ordinary-person network user, they 
> now have a good chance of having their computer taken over 
> while simply browsing the web (even on sites one would think 
> are OK like eBay, YouTube, and MySpace), thereby subjecting 
> themselves to losing credit card or bank account data, or 
> even identity theft.
> 
> 
> Needless to say, for the average person, this is one heck of 
> a lot more important than stuff like NAT and IPv6, and if it 
> gets much worse, people are going to start bailing out.
> 
> But the IETF can't do anything to fix that, either.
> 
> The IETF needs to get a grip.
> 
> 	Noel
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf
> 
