On Mon, 2009-06-08 at 14:22 +0900, Masataka Ohta wrote:
> As you say "IN NETWORKING", I'm afraid you haven't read his original
> paper "END-TO-END ARGUMENTS IN SYSTEM DESIGN", which is on "system
> design" in general and not necessarily "in networking". For example,
> in the original paper, RISC (Reduced Instruction Set Computer) is
> given as an example of end to end design.

Er, no. The article states:

"The arguments that are used in support of reduced instruction set computer (RISC) architecture are similar to end-to-end arguments."

I.e. the arguments for end to end are similar to the arguments for RISC. This is not the same as saying that RISC is an example of end to end design.

> Both of the papers are freely downloadable.
>
> The original paper:
>
> http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf
>
> The paper in 2001:
>
> http://www.csd.uoc.gr/~hy558/papers/Rethinking_2001.pdf
>
> You should have read both of them to make the dinner more valuable.
>

[Interesting articles, which took me back to discussions 20 years ago as regards connectionless vs. connection oriented networks.]

It is clear from both of these that the basic subject is data communication over a communication system. Thus the second article quotes from the first article thus:

"The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the endpoints of the communications system. Therefore, providing that questioned function as a feature of the communications systems itself is not possible."

So the basic object under consideration here is a "communication system". It is clear from the first article that what is envisaged is a layered model, (c.f. the conclusion). I would not be surprised if this kind of thinking was input to the development of the OSI model for data communications, which does set out to assign to each layer an appropriate function.

The basic thesis of the article is that functions concerned with, for instance, security and reliability are best done in the upper layers, even the top (application) layer, as the application cannot rely entirely on the lower layers to "do their stuff". Thus "end to end" is about communication from one application layer to the peer application layer down through the layers at one system, and then up through the layers at the other system.

So, I would paraphrase the "end to end design principle" as the "application to application" design principle.

I note that in models like the OSI model, only the lowest layers have intermediate systems. (That's why layer 3 is called the network layer). The article in no way implies that it is the existence of intermediate systems which is the deciding factor in the design. "End to end" is not in contrast to "hop by hop".

So, applying this to DNSSEC's PKI, this is clearly an application layer security system. The system does not depend upon the security or reliability of any lower layers (or, indeed, intermediate systems). So, it would seem to fit the "end to end design" of this article.

The second article is a discussion about how the end-to-end design principle might need to be modified in the light of the realities of the modern Internet. In the present context of DNSSEC, the discussion of trust is important.

best regards

David