In article <9ab8441b-8f37-8edb-17ae-0a102447b...@digitaldissidents.org> you write:

>> Right, but I don't believe the HRPC work has suggested that things
>> that have HR implications should _not be done_. They should be noted,
>> and I'm all in favour of that. What you are arguing, however, is in
>> line with the way the IETF ended up doing the BEHAVE WG: we wouldn't
>> agree to consider NAT when it was first being worked on, so everyone
>> did it their own way. Then we had 30 million different ways to
>> achieve the same result, none of which worked with anything else, so
>> we had to come up with a bunch of well-defined workarounds to get
>> things to function together. It's not obvious that is an improvement.

It's even worse than that. Some of the workarounds, like VoIP ALG, just
don't work, but others, like UPnP, invented outside the IETF, are security
disasters. If we'd been willing to engage with the problem, NATs would
still be ugly, but we could at least have kept it from being trivially
easy to run botnets through a NAT.

> The difference between NAT and 3rd party verification is that there was
> a significant demand for the former, and not for the latter.

Repeating this assertion really isn't helpful. Anyone familiar with
ICANN's gTLDs would be aware that there are a bunch of TLDs that limit
registrations to members of specific communities, such as .AERO,
.TRAVEL, .BANK, .COOP, and .NGO/.ORG. I can tell you from experience
that no two use the same method to validate registrants and pass the
validation info to the registrar, and it's a bunch of painful and
inconsistent kludges. This offers at least the possibility of a
consistent way to do it so, e.g., your national co-op association can
assert that you're really a co-op. I realize they don't do it this way
now, but they can't use a feature that doesn't exist yet.

R's,
John

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext