[e2e] 100% NAT - a DoS proof internet

David P. Reed dpreed at reed.com
Tue Feb 21 09:04:24 PST 2006


alok wrote:

>Any chances that NATs will no longer be stateful?
>
The danger is the other direction - every vendor and his brother wants 
to put state into the relay nodes (routers, firewalls) because they 
think that blocking communications is the route to power (for their 
version of "good") over the Internet.  The current craze in 
"communications economics" is the argument that no sustainable business 
model can support deployment of expensive routers unless those routers 
decode and understand every bit of every packet and determine how much 
to charge for each bit.

"If only we can block all choice in communications, everybody will be 
perfectly safe" is how I paraphrase (in admittedly hyperbolic form) 
about 99% of the security "experts" on the planet already.   And now we 
have the self described "economics experts" suggesting blocking as a way 
to build revenues.

This is a vicious recursive cycle, because more stateful inspection and 
analysis just increases the investment and adds points of vulnerability 
to "attack".   So it seems inevitable that we will end up with the 
perfect, 100% unconnected Internet of 2010.  (innovation also goes out 
the window, but I think the mere trend towards disconnection has already 
pushed most of the innovators away, because they look farther down the 
road and see the problems).


More information about the end2end-interest mailing list