Re: FTP and file transfers

On Oct 5, 2017, at 7:37 AM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:

> UDP and TCP are the only ones that are not obsolete.
>
> IPv4 is replaced by IPv6.

IPv4 is not deprecated by IPv6. There are no “obsoleted by” marks on 791.

> Telnet is obsoleted by SSH, etc. ICMPv4 to ICMPv6.

See above - same comment. These are both in active use and not deprecated or obsoleted by anything.

> I think we should just get rid of ARP.

We can’t until we get rid of IPv4.

> People chatter about 'IP end to end' yet the local network is unmanageable because there are two levels of addressing and only one of them is visible.
>
> I would like to replace my Ethernet hubs with IP switches that simply ignore the Ethernet MAC.

Yet we have TRILL, which is doing some of the opposite (pushing IP-style forwarding support into Ethernet).

> I neither need nor want support for AppleTalk, Novell or Chaosnet.

Perhaps, but you do use Ethernet all the time right now, or things that look very similar at the link layer (Bluetooth, USB, etc.).

> There is no need for an address at the link layer; it is a piece of wire.

Point-to-point wires don’t need addresses, but shared links or subnets that emulate shared links do need addresses.

And if you ditch the Ethernet, where do you get the low order bits of your IPv6 address?

> Reducing the IEEE layer to the hardware and physical properties is quite practical. All it would take is a little bit of co-ordination. It is essentially STARTTLS at the link layer.
>
> * Assign one MAC address for use as a version number.
>
> * When a pure IP device plugs into a pure IP switch, it begins by announcing itself with the reserved MAC address. If the switch returns the reserved response, the device knows it can upgrade. Otherwise it defaults back to legacy mode.
>
> * A pure IP session begins with a handshake, cryptographic authentication and negotiation of the link layer encryption. Because you should always encrypt when you can.
>
> * Once the handshake is complete, packets moving from one pure IP device to another across the switch are only limited by the IP maximum size, not the 1500 or 9000 byte limits of yore.
>
> * The switch performs ingress filtering so that a device can only source packets that it has been authorized to source. It also maintains logs of recent activity so that the source of network issues can be identified immediately. Current networks are a nightmare because one faulty process on one machine can saturate a hub.
>
> The advantages of this would be:
>
> * Higher throughput due to max-size frames and no Ethernet frame header
>
> * Simplified administration. Packets only route via deterministic IP tables. There are no heuristics, no broadcast packets mucking everything up. The causes of network storms are logged and traceable (by an authenticated, authorized admin).
>
> * Security. Packets are encrypted at the link layer. This defeats traffic analysis attacks on traffic only encrypted at the transport layer or higher.

There are complexity costs to giving up on shared links or emulations thereof. We’re not there yet at all.

Joe





> On Thu, Oct 5, 2017 at 8:19 AM, Joe Touch <touch@xxxxxxxxxxxxxx> wrote:
>
>> On 10/4/2017 1:45 PM, Phillip Hallam-Baker wrote:
>>> FTP is pretty much the only protocol we use today where the most up-to-date version of the base RFC still has a three-digit number.
>>
>> TCP, IPv4, UDP, ARP, ICMPv4, Telnet are also in that antiquated class.
>>
>> Joe
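As an added illustration of Joe's question about where the low-order bits of an IPv6 address come from (this is not code from the thread): the modified EUI-64 construction from RFC 4291 that SLAAC traditionally uses to build a 64-bit interface identifier from a 48-bit Ethernet MAC, plus a check for whether an address still carries that hardware identifier, which is the privacy reason RFC 7217 and RFC 8981 interface identifiers were introduced. The MAC and prefixes used are constructed sample values.

```python
import ipaddress


def mac_to_modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC (RFC 4291, App. A).

    The OUI and device halves are split, 0xFFFE is inserted between them, and the
    universal/local bit (0x02 of the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # IEEE uses 0 for globally unique; EUI-64 in IPv6 uses 1
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embeds_hardware_id(addr: str) -> bool:
    """Heuristic: True when the interface identifier carries the 0xFFFE marker of a
    MAC-derived IID. Useful when reviewing logs for hosts that expose a stable
    hardware identity across prefixes; random (RFC 8981) or stable opaque
    (RFC 7217) IIDs do not have this structure.
    """
    packed = ipaddress.IPv6Address(addr).packed
    return packed[11:13] == b"\xff\xfe"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    mac = "00:11:22:33:44:55"
    print(mac_to_modified_eui64(mac).hex(":"))  # 02:11:22:ff:fe:33:44:55
    print(slaac_address("fe80::/64", mac))  # fe80::211:22ff:fe33:4455
    print(embeds_hardware_id("2001:db8::211:22ff:fe33:4455"))  # True
    print(embeds_hardware_id("2001:db8::1"))  # False
```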


