On Dec 29, 2009, at 9:29 AM, Sachs, Marcus Hans (Marc) wrote:

> Totally out of the box, but here goes: why don't we run the entire Internet
> management plane "out of band" so that customers have minimal ability to
> interact with routing updates, layer 3/4 protocols, DNS, etc.? I don't mean
> 100% exclusion for all customers, but for the average Joe-customer
> (residential, business, etc., not the researcher, network operator, or
> clueful content provider) do they really need to have full access to the
> Internet mechanisms (routing, naming, numbering, etc.)?
>
> We already provide lots of proxy services for end users, so why not finish
> the job and move all of the management mechanisms out of plain sight?
I hope you're joking. If not, I have two questions: how can this be done, and what will the side-effects be?

Take BGP, for example. The average residential consumer doesn't need BGP, doesn't speak it, and has no real ability to interfere with it, so there's no problem. But a multihomed customer *must* speak it. Perhaps you could assert that their ISPs should announce it -- but why trust random ISPs? Is that ISP 12 hops away from you trustworthy, or a front for the Elbonian Business Network?

As for side-effects -- how can you proxy everything? Do you know every application your customers are running? Must someone who invents a new app first develop a proxy and persuade every ISP that it's safe, secure, high-enough performance, and worth their while to run? It's worth remembering that most of the innovative applications have come from folks whom no one had ever heard of.

--Steve Bellovin, http://www.cs.columbia.edu/~smb