Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Interoperable with what? Probably as a solution to this question, the logo yanking process should basically boil down to, a system of checks and balances, as originated by someone who isn't happy with a vendor. Kind of like an Ombudsman in the standards community who's power is to reduce the marketability of a given product. Over time this power could grow significantly, and become very critical. If it did, that would be wonderful for everyone, because interoperability, as a whole benefits the Community as a whole, and puts the emphasis on superior implementations, and not on standards control. I.e., the issue be raised by whoever has the grievance with a given, logo-endowed vendor. He/she makes a list of the specific interoperability problems they are having. This is then submitted, in some official capacity to both the vendor and the ISOC. If the ISOC (or some other group / committee in charge of this) feels the complaint is a justified violation of good faith interoperability, they can submit it to the vendor, and say they are beginning the procedure for logo yanking. It should take maybe 12 months (maybe longer for some hardware issues) and give the vendor double the normal time. I guess it would need to be enforced by whatever Ultimately the process of logo yanking really amounts to the process of taking away a benefit, as opposed to a punishment. Being able to put the logo on a product is certainly a significant benefit, from a marketing standpoint. If the logo becomes recognized and enforced in contracts, it could, some day down the way, become a very potent thing. Overall there are three general benefits that this kind of an idea would deliver: - Increased interoperability, all around, help to curtail bad vendor behavior. If product designers know how important the IETF logo is to have on their product, they are going to think about that at the early stages of product development. - Increased marketability of products delivered by interoperability-caring vendors. - More money for ISOC/IETF functions. The downsides are the application fee ($100), a little bit of time on the part of whoever owns the trademark (but the reg fees could deliver sufficient administrative budget to handle that). Frankly, I don't think it should be up to external government systems or others to reign in badly behaving vendors. It is up to *US* the engineers to reign these people in. My increasing view is that it really is up to us. We're engineers, we can understand far better how to keep other engineers in line better than anyone else. We've all had that errant engineer working in our company. The ego guy, or the lazy guy, the arguer, whatever. Engineers know how to handle engineers. The problem today is that we know how to handle bad vendors, but we do not have the capacity to get them to do, well, anything to address interoperability. If we can tie a rope around the the proverbial money stream of a bad vendor, we help to insure it makes financial sense to be a good vendor. Personally, I think the time has come for something like this. I'm tired of misbehaving people and abusive people. It's horrifically inefficient. There are *SO MANY* problems IT has to solve, the one thing we shouldn't have is standards battles. Technology is hard as hell for normal people to use. *THAT* is the battle technology vendors should be focusing on, not these blasted standards battles, which are ridiculous in their own right. The enemy here is the standards control business model. The victors should be the best implementors. This kind of a thing is only dangerous to people who view the end all and be all of their livelihood to be the proprietorization of standards. That kind of behavior is the enemy of both IETF as a whole, and the entire technology industry. Because it makes it harder on everyone, because everyone has to learn multiple technologies, and you have varied benefits laying all over the place. It's not like there is a shortage of IT problems to solve. Everything is too hard to use. Fundamentally, government shouldn't be reigning in bad vendors, *WE* should be, and the way to do it is to tie a rope around the marketability of Internet Compliant products, and then educate CIOs about the importance of this. The thing I always hated about certification/conformance, blah blah, is that it imposes a static, fixed cost on all parties and isn't issue driven. I like this idea, because you pay your $100, you get improved product marketability in return, and it is totally problem or issue driven, as opposed to a static/fixed cost being eaten by all vendors, good or bad. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
If it's easy-in, it's not *worth* much. I definitely agree with that, see below. TYPO: Should be I definitely disagree with that. Hell, as another example. If you are born rich, with a lot of money, that didn't take any effort, and it *MEANS* a lot. In this idea, everyone is born RICH.. but did you ever try to take away a rich person's money? That's like this idea is. Rich people fight their asses off to stay rich. That's what this logo is all about. Your born RICH, but if you misbehave, you can lose all your money. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
If it's easy-in, it's not *worth* much. I definitely disagree with that, see below. A UL rating is worth something because it requires some effort. An ISO9001 cert means something because it requires some effort. An MCSE means something because it requires some effort. A driver's license means something because it requires some effort (OK, maybe not a LOT, but enough to pass the road test ;) A diploma from an unaccredited send us a check, we'll send you a sheepskin diploma-mill doesn't mean anything because there's no real effort to be made. Which of these 5 is your scenario most like? None of the above. I assume you *think* it means the diploma from an unaccredited university. But since when was the IETF unaccredited? Actually, the thing I think it is most similar to is citizenship, such as US citizenship. Which takes *0* effort to gain, and means *A LOT*. :) Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
But since when was the IETF unaccredited? Ahh.. obviously you don't really understand the Tao of the IETF. ;) Hey... the IETF is fully accredited in my mind :). A lot more accredited than some of the other accredited universities around. Now.. so why did you skip over my comparison of a closest match to product citizenship? It's might convenient to give me a list to work with, which the idea doesn't fit into, and then skip over my own addition to the list :) If all products are born proverbially RICH, and gain the market acceptance as having been derived from the use of the logo, trust me, ... your not going to want to lose that logo. At first would it be meaningless? Sure. The logo will have zero meaning until it makes it's way into a few contracts and the minds of a few CIOs. By creating a logo, there has to be demand for the logo. The value of the logo is in the demand that it creates, and in the differentiation of other products that it creates. In a competitive market, everyone is looking to differentiate, accept the people who have proprietary standards at risk. Fundamentally, the logo is really about giving standards-supporting products a leg-up in the market. Well, we can argue this until we're both blue in the face. The reality is... you've got my idea on the table. We absolutely need something, so what's your idea? Or are you just saying don't do it, because it's not part of the IETF. That may be the correct answer, I don't know. That's what we're here to find out. Never bring a criticism to the table without a better solution :). Kyle Lussier
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Apparently, you've never undergone the effort it takes to actually BECOME a US citizen...otherwise you'd NEVER characterize that effort as *0*. Being born in the US or its territories and thus having citizenship by birth versus becoming one through naturalization are entirely different. Well I agree with this absolutely. In any case, welcome to US citizenship for all those who have been through the process. I know it's a bare, so let me personally apologize on behalf of my government, for the fact you had to go through that. So I guess the thing we can learn from INS is to streamline the naturalization process for external proprietary products? :) Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. Kyle, in all kindness, you're missing the most fundamental viewpoint expressed here recently: The IETF isn't the place, nor is it the organization, that could or should take on the role of interoperability-cop. Some have proposed the ISOC as a body to do this kind of thing. Is it also public opinion that the ISOC should or shouldn't do something like this? I agree with all of everything being said. We mostly just need to find the right body to do this kind of thing, and it's still gotta be a jury of peers for it to have any value. We need a United Nations of Standards Citizenship. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
* But the use of a trademark, which stands for complies with RFCs * could be incredibly valuable. I suggest that you read RFCs 1122 and 1123 from cover to cover, and then ponder whether the nice-sounding phrase complies with the RFCs has any useful meaning. Perhaps you will begin to understand why the IETF Way is interoperability testing, not conformance testing But you are free to make your proposal at IAB plenary of the next IETF. Thanks for the comments Bob! I think there is very much a misconception as to what I am proposing. As I've mentioned, I absolutely, positively do not want conformance testing, of any kind! Purely an IETF endorsed logo. If you *want* to use a logo, you send in your $50-$100, sign the agreement that says your product works with the RFCs, and you get permission to use the trademark. Procedures would have to be in place to provide a logo yank process in eggregious abuses. It shouldn't be easy to yank a logo, it should be thoroughly peer reviewed. I wouldn't even mind if it took 12 months+ to yank a logo. What I am fundamentally looking for here is a procedure by which there is a control mechanism for defining a vendor trying to be interoperable (which is a huge consumer, customer, and vendor benefit) vs. a vendor that is using taking standards and abusing them in the marketplace. When you yank the logo, it's not like you can't still sell your product. It's just for us, as a vendor, having something like this allows us to contract to supporting interoperable third party vendors that are well behaved, and we get an opt-out on vendors whom the IETF community has put a big red X on. Zero, and I repeat Zero conformance testing. The reality is, standards and RFCs are going to get it only mostly right the majority of the time, and standards need to change. But the good faith intentions of a vendor towards interoperability should not change. The very simple logo idea I am proposing is purely a visible rating system at to the good faith intentions of a vendor to be interoperable. I am just saying, we need to reward intoperable vendors with the logo, and give CIOs the option to sign deals with vendors who are truly faithful to standards. I think this idea could help all of the markets significantly in terms of giving everyone a visible mark of interoperability. You get the mark until you absolutely, positively aggregiously abuse it. For 99% of the companies supporting IETF this will be extraordinarily valuable, and help all of us sell our products as well as get some money to have some IETF parties. :) This will only be a pain in the butt for the 1% of particularly powerful vendors who are unwilling to support IETF standards. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Your process for yanking a logo requires a vendor's implementation to fail an interoperability test against a known standards compliant implementation. Anything less would make the logo meaningless. That smells dangeoursly like conformance testing. And that's why you're getting such push-back. Well, this comment is undoubtedly going to cause some more push-back. :) I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. I guess everyone approaches things in different ways. And that's why I made the proposal. Because this idea works with either viewpoint. Personally, in this particular kind of massively distributed, diverging objectives scenario, I say trust everyone to do what's right and then use the logo yanking process to (1) identify ill behaving vendors / products, (2) give them double reasonable opportunity to correct, and then in the absence of any good faith effort (3) publicly (but nicely) flog them by yanking the logo. Trust everyone to do what's right. Reward the people who do the right thing (by allowing them to use the logo). And people who do the wrong thing can lose it. I'm not really a believer in conformance testing, because the space of the Internet is so rapidly evolving, anything you test against is a moving target, and because something conforms at one point, it may not next week. I think that sentence addresses the majority of problem-type criticism the idea has had. I am absolutely on everyone's side and agree with everything posted as such. Everyone has listed problems, but no one has said they can't be worked around. I'm just looking for a solution that creates significant, immediate benefit for people who try to follow standards. And when bad vendors come around and start doing bad things to hurt interoperability (an incredible benefit to customers, consumers, you name it), the IETF makes it easier for Mostly, I'm looking for some level of easy-in product segmentation for contractual, customer visibility, and CIO empowerment type things. If you are a vendor, and your customer gets pissed at you and says you aren't being a good vendor, and you said you would be, it gives them an angle to push. A slow, bureaucratic one, but a way to lead vendors, through reward, to do the right thing. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
That's the only way I see to do it, not to mention, if it's cheap and easy, lots of people will do it, and you would generate a $10m legal fund so that it had some teeth. Are you that sure that there are 100,000 seperate products that would want to have the logo attached to them, and willing to pay $100 for it? /Valdis Well... I don't know about that, ask a marketing guy :). I know we would buy a couple for our different products, primarily because we know seeing IETF Certified with be a big value add to them. It may be that our product would benefit more from that than others, but I know we would buy enough to cover the cost of the trademark over a year or two, at a minimum. Kyle Lussier
Re: Fwd: Re: IP: Microsoft breaks Mime specification
If a vendor *fixes* something and we get burned that bad, what makes you think that yanking the right to use a logo will change anything? Well, the whole point of it is to give CIOs and IT Managers the ability to write into their contracts IETF Compliance or no money. CIOs would still need to choose to do this of course, but, as I mentioned before, I know a number of them that are ready to strangle some of their badly behaving vendors. In the economy of today, if large implementations don't go well, as a CIO, you are out the door. IETF Compliance can go a long way torwards helping secure the jobs of our CIOs by reducing interoperability headaches and vendor standards infighting. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
This all sounds like you're being a tad fluffy on the business side here... Well.. I burst out loud laughing on that one. I guess other certification efforts, that cost $5000+ for logo compliance aren't fluffy? But the biggest problem here is that you've just created a $10M annual cashflow for the IETF to manage. This would be a massive infusion of cash for an entity that today runs on cookies and good will. Do you really think that you can put $10M (or gosh forbid, $10M *a year*) into a bank account without it starting to attract attention? History tells us it would immediately generate its own infrastructure to consume it (have you looked over at the DNS world recently?) You are right about all of this. I'm just looking for solutions to strengthen vendor compliance. Ed Gerck's Non-Compliance list is a great solution, that would probably meet our needs for contracts... which is where this discussion (from my perspective) came from. Maybe the IETF doesn't want the cash flow? Kind of sounds like it :). Worst case... have big IETF parties, courtesy of trademark registrations. Try for a moment to image the new class of problems this will entail for the IETF (and the new class of people who would show up for the budgeting and cashflow management working group) if the IETF was suddenly worth $10M a year. Remember the old curse be careful what you ask for, in case you actually get it... Your problem here is that your business case seems to fail the smell test. You are right about all of this of course. But, hey if you really feel this has merit, I encourage you to go off for a while and work up the details. But be *really* specific. Personally I'm particularly interested in your business plan because after all, you're asking for at least $10M and the market has been down for the past year. If you can build a business that generates $10M a year with *this* idea, it would suggest that the downturn is finally over... Well.. let's be clear, I don't necessarily even want to do this. I'd prefer it if we didn't actually, because all these integrity issues would appear that would cloud the vision of our product. We are a vendor, we want to make as much money as possible, and we want to do that by building the best product, on the merits, that supports the standards. But we need the standards to mean a lot more than it currently does. Maybe someone in academics should organize it. Is there like one of those NSF Engineering Research Centers for the Internet or anything? A group like that, with accounting, budgeting, etc. should probably run this kind of thing. They are always looking for ways to generate fees on industry, but they often have leaders with a great deal of integrity, so a group like that might be ideal. I just know, that as a business, we would buy the logo, and educate CIOs about the importance of it. So please include some market research on your numbers. I'd also like to see the detailed proposals outlining your processes, and I'd like to the names and fee schedules for the lawyers you've hired to vet all this. And finally, if you can work in seven layers somewhere I'd be willing to resurrect some old T-shirts from the early nineties for you, back from before people started taking the IETF this seriously... Don't blame me, I'm just a visionary trying to offer new possible solutions :). Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
The only permanent bodies in the IETF are the IESG, IAB (and perhaps, depending on how you look at it, the NOMCOM, IRSG, RFC Editor and IANA). While not a member of any of these bodies, it is my belief that they would all be opposed to the imposition on them of the burden you are so zealously promoting. Well, it was just an idea. I saw support from a couple others for something like it. I'll write it off as juedge to be impractical. I would like to thank everyone for their feedback, it was thorough, novel, and intelligent. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
I think, ultimately, this could be done. None of these are scenarios that couldn't be handled in the application, and testing would be a non-issue, because you just say my product follows IETF standards. The only worries you have are about not conforming to the IETF. But, the consensus, as I read it, seems to be that it's not what IETF is about and is impractical. That's fine, and I agree with the comments. It's just a shame there aren't better solutions to badly behaving vendors. Because the net result is that we all have to learn more products, we double our costs, we couble our expenses, and things move at half-speed. Love it or not, this is a problem we all will have to deal with, for a long time. And if not the IETF to solve this problem then who? It's easy to villify an idea that may or may not be appropriate, but we're still stuck with the same problem. Kyle Lussier AutoNOC LLC On Wed, 23 Jan 2002 12:09:30 PST, you said: You're looking at situations including: 1) Vendor X has the logo, Vendor Y hasn't applied/recieved it yet. Y has the better product, but X gets the bid. The IETF gets sued by vendor Y for conspiring to keep Y out of business, and you get sued as CIO by your shareholders for mismanagement because X turns into a boondogle. 2) Vendor X has the logo, but a *severe* bug has been found, but the logo hasn't been pulled yet. Vendor Y has had their logo pulled for a smaller infraction. Vendor Y sues you and the IETF because of unfair practices.. 3) Vendor X has the logo, but nobody has actually *verified* that their product implements the standard. Vendor Y has their logo pulled for something minor. This leads to: 3a) Vendor Y sues because nobody has tested X. 3b) Vendor X was the one who pointed out the problems in Y, and due to marketshare/influence/bribery, Y's logo got pulled while testing of X gets delayed - allowing X to get a contract that Y would have gotten otherwise. 4) You buy shrink-wrapped Z that has the logo. You subsequently find that the logo had been pulled, but of course the product wasn't recalled off the store shelves and repackaged before you bought it. You find yourself fired because you broke company policy to only buy logo'ed products. 5) Vendor Y sues because their logo gets yanked because THEIR interpretation of an RFC doesn't match the reading the WG Chair gives of the RFC, and the WC Chair happens to work for Vendor X. 6) You are cordially invited to suggest how Microsoft will brand their Outlook XP with the logo, in particular, how to keep track of all the following: 6a) Outlook XP branded as of 01/01/2002 6b) Outlook XP SP1 not branded as of 01/21/2002 because of bug 4781 6c) Outlook XP SP1+OfficeQFE:4781 branded as of release date of fix for 4781 6d) Outlook XP SP1+OfficeQFE:4781 but lacking OfficeQFE:NNN not branded as of 02/dd/2002 because of bug 6e) Outlook XP SP1+OfficeQFE:4781+OfficeQFE:NNN branded as of 03/dd/2002, but Outlook XP installs that are missing either the 4781 *or* fix are *not* branded. 6f) Outlook XP SP2 is branded, *except* if you've installed fix which breaks something, unless you've ALSO installed fix NNMM... And that's with just 3 or 4 bugfixes. Remember that a major product could have *hundreds* of bugfixes, all of which impact compliance to some extent. Enjoy. 7) Microsoft and AOL/Netscape get into a Well, *your* browser does THIS! war, with *both* sides shipping fixes and poking holes in the other's software on a daily basis, and somebody gets to track the current state of *two* browsers as per point (6) above, while both sides have lawyers breathing down your neck saying Well, if *my* bug XYZ counted, so does *their* bug QST. CIOs would still need to choose to do this of course, but, as I mentioned before, I know a number of them that are ready to strangle some of their badly behaving vendors. Again - if the CIO telling the vendor Fix it or we're going elsewhere doesn't cause the vendor to toe the line, why will Put a logo on it or we're going elsewhere do it? In the economy of today, if large implementations don't go well, as a CIO, you are out the door. IETF Compliance can go a long way torwards helping secure the jobs of our CIOs by reducing interoperability headaches and vendor standards infighting. You obviously haven't been in the industry long enough to have gotten stuck in the middle of an deployment of a certified product that won't interoperate. I'm sure most of the old-timers on this list have seen at least one case where a vendor guaranteed in writing that Version N+1 of their software would interoperate with Version N of *the same software*, but the upgrade didn't work right anyhow, since the software didn't read the guarantee -- Valdis Kletnieks Computer Systems Senior Engineer
RE: Microsoft .NET Licensing
Someone inside Microsoft gives me a clear info about this: to be clear, developers will get .NET My Services bits as part of SDK for free if they subscribe MSDN. 1.5K/per app is for partner who wants to test/to be certified against a live testing environment hosted by Microsoft. The 10K fee is for the ASP/ISP partners who host web applications that consume the .NET My Services hosted by Microsoft. Thanks for taking time to look into this Peter. I'm still not clear on this. Can you develop a .NET application, ship it, and sell it commercially without paying any fees? Or is registration/testing required? Kyle Lussier
RE: Microsoft .NET Licensing
If you want everyone to put .NET features in software, it's best to offer the tools to do it for free. Even then, some developers might find it more trouble than it is worth. Well, I am certainly very impressed by the work Red Hat, IBM, Linus, Alan Cox, and the many other contributors to Linux have offered. What really got my attention was the shipping of a journaling file system (I believe with Red Hat 7.2?) so that you can back out hard drive changes. Is that even on a whiteboard anywhere at Microsoft? The kernel level IP Chains stuff is really impressive as well. My hat goes off to all the Linux contributors. We will actually be shipping our first Linux app next year, as well as supporting Windows. Whether good or bad, it really looks like the new reality is that the all-windows-all-the-time shop is becoming a minority, whereas the mixed Linux/Windows shop is the majority customer profile to be supported, love it or hate it. And that makes life interesting, because if you were to apply a platform goal to both Windows and Linux, it would seem Linux is the software designed to support the mixed environment, whereas, I'm not entirely sure what Microsoft wants to do with regards to Linux. I read an article about there being 2 camps at Microsoft, an Alchin camp and the Silverburg camp. Alchin wanted to proprietorize everything and Silverburg wanted to support standards. Apparently Gates sided with Alchin and Silverburg went on sabatical. :( I know I am certainly on the side of the pro-Silverburg people inside Microsoft, it's really a shame they didn't win the internal battle. This new .NET business model, however, makes things very interesting, because it certainly isn't going to attract non-Windows developers. And so it seems, the people that will pay those fees by and large are the people that are most dependent on Microsoft. I.e., those fees seem to be targeted to milk the all-windows-all-the-time shops dry. And those shops are supposed to be the best Microsoft customers! And so I find it all very interesting. Love it or hate it, the new majority market is the mixed Windows/Linux shop. Kyle Lussier www.AutoNOC.com
RE: Microsoft .NET Licensing
Linux isn't even a blip on the radar in the vast majority of shops. Having one in the building isn't the same as having a mixed shop. Well, I definitely don't agree with that. I'm not sure what types of shops you are talking about, but I would say the minority of our customers don't have Linux in one critical role or another. I don't remember the last time I was off site and didn't see at least one Linux box up running somewhere. But these are all back room applications. I agree with your assertion that Linux is but a blip on the desktop. But in the back end, for the majority of our customers it is a core platform, and increasingly so. Kyle Lussier
Microsoft .NET Licensing
This should be of interest to some of the developers in this group. Developers: What .Net will cost you http://news.cnet.com/news/0-1003-200-7629784.html?tag=mn_hd From the article: For standard use, which Microsoft expects will involve the majority of users, Microsoft will charge $10,000 per year for using .Net My Services and $1,500 per application. Kyle Lussier www.AutoNOC.com
RE: Microsoft .NET Licensing
If Microsoft wants .Net to succeed, it should make developer access free. How many Windows applications would there be today if every developer of such an application had to pay Microsoft $10,000 per year? I agree. I'm not even sure why they are doing this. While it is certainly possible I don't understand what they mean by charging $10,000/year and $1,500/year per .NET app, the problem I have is, if I can't understand how much it's going to cost me just to write an app on .NET, how the heck can I build a business app on it? I was speaking with one Microsoft rep in e-mail, and I made the comment that I was going to have to hire someone just to figure out all these licensing issues, handle product activiation, and compliance things, and the person responded: ROFLMAO! She didn't realize I wasn't making a joke. Kyle Lussier www.AutoNOC.com
IPv6 / NAT
Well the message I got earlier was the IPv6 will not fix the NAT problem - true or not true? I assume with IPv6 there is no need for NATs. Who thinks they will still be around - humm maybe if the ISP charge a fortune for 4 IP addresses vs 1 IP address (IPv6 or IPv4). I think what we need is the ability to provide for NAT like functionality in a logical / theoretical sense in the IPv6 namespace, but without the "physical action of translation". I.e., we need a logical construct that resides on IPv6 global space that is mobile. Why would you want this? What problem is there to solve? It was raised by a very sharp person a little while back on this list, specifically the ability to switch providers without consequences. We need a logical / functional mapping or construct on top of IPv6 that allows a company to "move it's entire self around" in the IPv6 namespace. What immediately comes to mind, is that IPv6 should have some kind of "relative addressing" capability, where a company can build a network on the relative space, but move it at a whim if they switch providers, or for any other purpose. My point / the difference in this suggestion from NATs is that it should be logical and defined on IPv6 requiring no actual translation. In summary, IPv6 should support absolute addressing as well as relative addressing, and even indexed addressing as primitive IPv6 operations. Kyle Lussier www.AutoNOC.com
RE: Number of Firewall/NAT Users
Well, NAPSTER comes pretty close. Two peers can exchange files if at least one of them can act as a server, i.e. is not blocked by a NAT. If both are behind NAT, they can't. The point being, NAT are only transparent if the host behind a NAT acts as a "client", and initiates the TCP connection. Peer-to-peer applications assume that every host can be a server. That's a great example! The other example that sometimes urks me is the issue of bi-directionally managed SNMP devices (that use polling and traps). You have to start doing all kinds of strange things, like SNMP proxying to make this stuff work my view is an address should be the address, unquestionably and undeniably. There is also the issue of new distributed bi-directionally communicating firewall technologies and things. These are kind of peer-to-peer applications. It can be argued that all of this should be on the same side of the NAT, but what happens if you are an MSP managing or securing remote customer networks? NATs make life very difficult for them. You have to start building VPNs into customer networks and then you are working with multiple DNS and multiple NAT servers... very ugly stuff if you want to reliably manage it all. v4. Renumbering can be expensive. NATs are seen by many enterprises as a way of removing the need to renumber should they change providers. Until the issue of renumbering is addressed, NATs will not go away. I'm still very intrigued by what David Conrad wrote above and I completely agree with. Is there any way that ipv6 handles provider renumbering? I can think of a couple ways it could be done given the huge ipv6 space. But personally, I like the convention of just using DNS names for all devices, and then you can renumber pretty much at will. But there are problems there also. I realize ipv6 renumbering has probably been covered in depth, but is there any more thoughts incorporated into it related to provider renumbering? Kyle Lussier www.AutoNOC.com
RE: Number of Firewall/NAT Users
It is time IMO for some at the IETF to stop pretending that the Internet can made into a homogeneous network. It wasn't and it won't. Ip address space will continues to tighten, exponentially increasing the pain of dealing with such a small number of IPs. Then throw 200 million cell phones with their own IP, and you network everything in your house, plus all the PDA's and other gadgets coming. It is a horried idea to start setting up NATs on cell phones, on PDA's and only god knows what else we be plugged into the net (I liked the ip addressible coffee machine I saw that you could telnet into). Do you really want to put and configure a NAT in your coffee maker? As the pain of limited IP address space tightens we'll move more and more to IPv6 and it'll level itself out. While NATs *work* they are horribly inelegant. I'm very much reminded of the days when there was a PC limit of 640k RAM, and the manufacturers places all the video RAM and support stuff above 640k because "no one would ever need it". This caused huge problems for years and years as we all fought to get back to an open address space... if then...we had only just invested in a good design. As the pain of limited IP space increases, so shall we switch and NAT's will someday be no more. The question is, how much will we inflict upon ourselves in the pursuit of making NAT's work? I hope this time around we fix the problem earlier.... Kyle Lussier www.AutoNOC.com
RE: What is the IETF? -- A note of caution
But it's that word "representative" I find disquieting. I second everything you said John. How does the IETF prevent a "RAMBUS" type scenario where a company sits in on IETF, copies the technologies, patents them, waits for everyone to adopt them, and then sues everyone for infringement? This is very concerning to me. I want so much to go hog wild with new ideas and work for IETF, but I don't want the work to be thrown against me in courts by a hidden observer claiming the work to be proprietary. The work done in IETF should be unpatentable... the question is.. is it? I am sure it's been discussed before, can someone point me to how the "RAMBUS" scenario is prevented? Regards, Kyle Lussier