[e2e] New approach to diffserv...

Vernon Schryver vjs at calcite.rhyolite.com
Sun Jun 16 09:19:16 PDT 2002


> Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161])
> 	by calcite.rhyolite.com (8.12.3/8.12.3) with ESMTP id g5GFtdig020010
> 	for <vjs at calcite.rhyolite.com> env-from <end2end-interest-admin at postel.org>;
> 	Sun, 16 Jun 2002 09:55:39 -0600 (MDT)

> At 11:00 AM 6/16/02 -0400, David P. Reed wrote:
> >Not true.   I think you'd find if the edges did a very simple thing
> >(encryption of all traffic), that network owners would *have* to
> >involve the edges in policy, and market forces would cause the network
> >owners to seek to please customers rather than control them.

Anyone who can but fails to run SMTP-TLS, particularly around here,
is part of the problem.  Why didn't boreas.isi.edu go along with
calcite.rhyolite.com and use SMTP-TLS?  To keep out competently
implemented boxes in the middle, isi.edu might need to publish or
buy a key, but that isn't hard.


> From: Melinda Shore <mshore at cisco.com>

> A really interesting thing is happening here.  If you talk to
> people who run enterprise networks and explain to them that 
> through the use of firewalls and NATs they're interfering with
> the ability to protect application traffic, they'll tell you
> that they know that and it's part of why they do it.  They
> perceive a need to put tight controls on what goes out of their
> networks as well as what's permitted in, and it's not that
> uncommon to find businesses that even require the use of company
> proxies for outgoing ssh connections.  

How do their concerns differ from the concerns of those running
AOL's SMTP interception proxies?

My impression is that talk about SSH proxies is more than "not uncommon."
However, when it is time to expend the effort of making them work,
people often discover they're too busy exercising their urge to control
where less effort is required.  This has nothing to do with whether
very good cases can be made for such filtering, but with the fact that
the real motives are often other than admirable.

> End-to-end networking puts control into the hands of end users
> and their applications.  The people who own the networks in
> question may not, in many, many cases, think that's a good thing.

The motives for such things are far older than computer networks or
computers.  Sometimes the motives are good and the overall effects are
desirable.  The rest of the time, they need the dark of ignorance and
laziness to thrive.  The evils of middleboxes are part and parcel of the
reasons why boreas.isi.edu, and for that matter, the IESG's new mailman
machinery aren't bothering to do SMTP-TLS.


Vernon Schryver    vjs at rhyolite.com
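The quoted Received: header is the evidence the post relies on: the hop from boreas.isi.edu to calcite.rhyolite.com was logged as plain "ESMTP", so no TLS was negotiated. The following script is an added example, not part of the original post or of any MTA's code, that audits the Received: trail of a message and flags hops that show no sign of TLS. It treats the RFC 3848 "with" tokens ESMTPS and ESMTPSA as TLS-protected, and additionally accepts a sendmail-style "(version=TLSv1... cipher=... )" comment as evidence of TLS (the exact comment format is an assumption about the receiving MTA). The first header in the sample is the one quoted above, with the archive's " at " obfuscation left as-is; the relay.example.net and mua.example.org hops, their queue ids and the cipher comment are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# RFC 3848 "with" tokens whose trailing S marks a hop that ran over TLS
# (a trailing A marks SMTP AUTH). Plain ESMTP, as in the header quoted in
# the post above, means the session was not protected.
TLS_WITH_TOKENS = {"ESMTPS", "ESMTPSA"}

# Constructed sample: first header copied from the post (archive-obfuscated
# addresses kept), the other two hops invented for illustration.
SAMPLE_HEADERS = """\
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161])
\tby calcite.rhyolite.com (8.12.3/8.12.3) with ESMTP id g5GFtdig020010
\tfor <vjs at calcite.rhyolite.com> env-from <end2end-interest-admin at postel.org>;
\tSun, 16 Jun 2002 09:55:39 -0600 (MDT)
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby boreas.isi.edu (8.12.3/8.12.3) with ESMTPS id CONSTRUCTED01
\tfor <end2end-interest at postel.org>; Sun, 16 Jun 2002 08:55:00 -0700 (PDT)
Received: from mua.example.org (mua.example.org [198.51.100.7])
\tby relay.example.net (8.12.3/8.12.3) with ESMTP id CONSTRUCTED02
\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
\tfor <end2end-interest at postel.org>; Sun, 16 Jun 2002 08:54:30 -0700 (PDT)
"""


def unfold(raw: str) -> List[str]:
    """Join folded header lines: a line starting with whitespace continues
    the previous header (RFC 2822 folding)."""
    out: List[str] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out


def parse_received(header: str) -> Dict[str, object]:
    """Extract the hop description from one unfolded Received: header."""
    body = re.sub(r"^Received:\s*", "", header, flags=re.IGNORECASE)

    def grab(pattern: str) -> Optional[str]:
        m = re.search(pattern, body, re.IGNORECASE)
        return m.group(1) if m else None

    with_token = grab(r"\bwith\s+([A-Za-z0-9]+)")
    # Assumed sendmail-style TLS comment; absent on a cleartext session.
    tls_comment = grab(r"\((version=[^)]*)\)")
    hop: Dict[str, object] = {
        "from": grab(r"^from\s+(\S+)"),
        "by": grab(r"\bby\s+(\S+)"),
        "with": with_token.upper() if with_token else None,
        "id": grab(r"\bid\s+(\S+)"),
        "tls_detail": tls_comment,
    }
    hop["tls"] = (hop["with"] in TLS_WITH_TOKENS) or (tls_comment is not None)
    return hop


def audit_hops(raw_headers: str) -> List[Dict[str, object]]:
    """Parse every Received: header. Headers are prepended as the message
    travels, so the first element is the final delivery hop."""
    received = [h for h in unfold(raw_headers) if h.lower().startswith("received:")]
    return [parse_received(h) for h in received]


def unprotected_hops(hops: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (from, by) pairs for hops with no evidence of TLS."""
    return [(str(h["from"]), str(h["by"])) for h in hops if not h["tls"]]


if __name__ == "__main__":
    hops = audit_hops(SAMPLE_HEADERS)
    for h in hops:
        status = "TLS" if h["tls"] else "CLEARTEXT"
        print(f"{status:9} {h['from']} -> {h['by']} ({h['with']}, id {h['id']})")
    print("unprotected:", unprotected_hops(hops))
```

Run on the sample, the audit reports the boreas.isi.edu to calcite.rhyolite.com hop as cleartext and the two constructed hops as TLS; on real mail the same check over the headers of a few days' traffic shows which peers never negotiate STARTTLS.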