I do not believe that it is difficult to design fire and forget systems for the home. The problem is not design, it's the politics. Apple has gone a long way towards doing just that, and they have brought a lot of manufacturers with them. They have approached the problem with a more feasible political approach than other attempts.

The usability issue is serious but not insurmountable. I have made my own proposal for dealing with this issue in my ID Domain Centric Administration:

http://www.ietf.org/internet-drafts/draft-hallambaker-domain-centric-00.txt

Since writing that draft I realize that an area that I need to work on further is to provide a standard means of creating self signed certs or locally issued certs for devices that do not come with an installed device certificate (this is already standard for DOCSIS cable modems).

I currently have eight machines hanging off the home network. What I am currently trying to do is to work out how to cluster three separate home networks at three different sites so that the cousins/grandchildren and grandparents can all use video conferencing. This turns out to be a much harder task than it needs to be. There seems to be an omerta amongst the suppliers of videoconferencing type applications that none of them will reveal the protocols they use or the ports, and if they will reveal the ports they will insist on sitting on the same port that my VOIP service uses.

But I suspect that in five years' time I will have at least fifty IP addressable devices, hopefully more. For a start I want every lightswitch to be IP connected, and the burglar alarms and the individual phone handsets. Also the heating/AC systems and the hot tub.
I also want my digital cameras to automatically upload pictures when I enter the house and I want all data storage on all the machines on the house to be constantly and transparently backed up both onsite and offsite (none of your daily backups rubbish, I want the data backed up while the original is written). It is all do-able with technology we have in place today.

A reviewer of my book just told my publisher that what I propose is nothing new or original. Which means that either the reviewer is wrong or we should not have any difficulty getting it on the shelves for next Xmas.

Apparently at MBA school the students are taught that markets for technology go through a series of phases. In the first phase merely delivering technology is enough; once basic functionality is delivered the market competes to provide usability, next comes reliability, eventually the market is driven by fashion. This happened in the auto industry. Early cars barely worked at all, every journey was an adventure. In the 1920s Ford broke the automobile patent and built a car for the common man, a car that did not need the skills of a mechanic to drive. Reliability improved gradually until the 1970s when there was a sudden realization that consumers would pay more for a car that was not designed to rust. Today most cars will go 10,000 miles between services and not need major repairs beyond a clutch plate for 50,000 or even 100,000 miles.

A lot of network technology, particularly security technology, has only just emerged from the technology delivery phase. Instead of waiting ten years between phases why not just deliver it all now and give the MBA graduates a shock? We have all the technology we need, all we need to do is to recognize that in the network of the future there can be no network administrators who spend their time doing the footling tasks that eat 90% of a network manager's time today.
We can't have real home networks happen until network administration is automated at the same level that the functions of the car are today.

> -----Original Message-----
> From: Steven M. Bellovin [mailto:smb@xxxxxxxxxxxxxxx]
> Sent: Friday, August 17, 2007 8:54 PM
> To: Joel Jaeggli
> Cc: Keith Moore; ietf@xxxxxxxx
> Subject: Re: IPv6 addresses really are scarce after all
>
> On Fri, 17 Aug 2007 17:01:39 -0700
> Joel Jaeggli <joelja@xxxxxxxxx> wrote:
>
> > Keith Moore wrote:
> > >> It seems likely that cable mso's similar will dole out /64's to
> > >> customers one at a time, I suppose that's acceptable if not
> > >> necessarily desirable and will probably still result in the use of
> > >> nat mechanisms in end systems.
> > >>
> > > that's COMPLETELY unacceptable.
> >
> > Well lots of people still think things like "why would home users
> > ever subnet" but when you walk into a decent electronics superstore
> > these days you can buy:
> >
> > terabytes of network attached storage
> > HD video streamers
> > wireless voip handsets or dual mode wifi/cellular phones
> > building control and security systems that plug into ethernet or
> > hang out on your wifi
> > vlan capable managed switches that cost $150
> >
> > At some point you stop wanting to have all those devices on the same
> > network if for no other reason than to keep your multicast HD video
> > streams from clobbering your ip phones, and around that same point the
> > needs of a household of 2-6 people plus visitors start to look a lot
> > like those of a heavily technology enabled small business. Have two or
> > more wage earners that work for large enterprises and have vpn tunnels
> > and associated network peripherals and you have issues that can keep
> > consultants employed for some time...
> >
> > This is a fairly unusual problem right now, but it won't be for long.
>
> I'm not sure what your point is -- I took Keith's comment to mean that
> home NATs with v6 were completely unacceptable.
>
> I agree with you on the desirability of home routers, though it's going
> to be an interesting challenge to build "fire and forget" boxes for the
> house. Of course, I'm the kind of guy who already has 3 (and sometimes
> 4) segments on my home LAN, so I suppose I really need home routers
> that speak OSPF....
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf