[LINK] There goes the neighbourhood...
Kim Holburn
kim at holburn.net
Thu May 12 08:47:08 AEST 2011
The problem with the H323/SIP style protocols is that they expect the network to treat them differently. The internet is successful because it is a dumb network. It passes packets. It doesn't need to know anything about the contents, it just reads the envelope and passes it to the next envelope reader. The smarts are at the edges, in the edge devices and applications. The more smarts you push onto the network the less like the internet it becomes. The less flexible, the less useful. You find that suddenly your protocol just doesn't seem to work in the current environment because of some assumptions you made about network function that it was no business of yours to make. SIP/H323 are those protocols. The smarts need to be in the end-points and they should leave the network to the network devices.
On 2011/May/11, at 11:38 PM, Karl Auer wrote:
> On Wed, 2011-05-11 at 23:12 +1000, Kim Holburn wrote:
>> Maybe crypto was the original reason for this. Using IP address as a
>> crypto key is probably not such a great idea and doesn't work so well
>> in an environment where many clients are in a private address space.
>
> Keys? It's not about using the IP addresses as keys, it's about
> protecting the integrity, confidentiality or authority of the addresses
> involved. NAT, by changing the source address from the destination's
> point of view (and vice versa) breaks that.
>
>> I'd have to disagree there. I don't think that the network guarantees
>> that the IP addresses in headers are going to stay the same from
>> source to destination and so stay the same as any copies of such in
>> the data.
>
> What can I say? "You're wrong" doesn't do the above statement justice.
>
> That is exactly and precisely what the network is supposed to guarantee.
> It is the very bone and marrow of the function of the network, and
> anything that breaks it is a Bad Thing. Do you think the people who
> invented the Internet and went on to implement (say) FTP just got it
> wrong?!?
>
>> I thought that the application layer was a separate layer and should
>> leave ip layer details to the ip layer. Probably not an absolute rule
>> but a reasonable principle. If there is a good reason for doing this
>> at the application layer then fine but if not, what's the point?
>
> The application layer has nothing to do with it. ALL layers occasionally
> have need to be self-referential.
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
> http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
>
> GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
> Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
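The mechanism the two posts above are arguing about, shown as an added example that is not part of the Link thread and not anyone's production code: a constructed SIP INVITE carries copies of the sender's own IP address inside its application data (the Via and Contact headers and the SDP c= line), a simulated NAT rewrites only the packet's source address, and the receiving proxy sees that the envelope and the copies now disagree. The `proxy_mark_received` function mirrors the real RFC 3261 behaviour (a proxy appends `;received=` to the top Via when the sent-by address differs from the packet's source), which is the "smarts at the edges" repair the first post prefers over a network-side fix-up. All addresses (from the documentation ranges), the dialog, and the function names are assumptions made for this example.

```python
"""
Added example, not from the Link thread: why a protocol that copies its own
IP address into its payload (SIP/SDP here; FTP PORT is the same idea) breaks
behind a NAT that rewrites the packet header but not the application data.
All addresses, names and the SIP message are constructed sample data.
"""
import re
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str      # the "envelope" address the network actually routes on
    dst_ip: str
    payload: str     # application data; the network never looks inside


PRIVATE_IP = "192.168.1.20"    # constructed: SIP phone behind a NAT
NAT_PUBLIC_IP = "203.0.113.5"  # constructed: NAT's outside address (TEST-NET-3)
PROXY_IP = "198.51.100.10"     # constructed: SIP proxy on the internet (TEST-NET-2)

# Constructed INVITE: the phone writes its own (private) address into the
# Via header, the Contact header and the SDP connection line.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    f"Via: SIP/2.0/UDP {PRIVATE_IP}:5060;branch=z9hG4bK776asdhds\r\n"
    f"Contact: <sip:alice@{PRIVATE_IP}:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    f"o=alice 2890844526 2890844526 IN IP4 {PRIVATE_IP}\r\n"
    "s=-\r\n"
    f"c=IN IP4 {PRIVATE_IP}\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

_VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)", re.M)
_CONTACT_RE = re.compile(r"^Contact:.*?@([\d.]+)", re.M)
_SDP_C_RE = re.compile(r"^c=IN IP4 ([\d.]+)", re.M)


def nat_translate(pkt: Packet, inside: str, outside: str) -> Packet:
    """A 'dumb' NAT: rewrites the envelope only and never touches the payload."""
    if pkt.src_ip != inside:
        return pkt
    return replace(pkt, src_ip=outside)


def addresses_in_payload(sip_msg: str) -> dict:
    """Return the copies of the sender's address that SIP/SDP carry in the data."""
    found = {}
    for name, rx in (("via", _VIA_RE), ("contact", _CONTACT_RE), ("sdp_c", _SDP_C_RE)):
        m = rx.search(sip_msg)
        if m:
            found[name] = m.group(1)
    return found


def header_payload_mismatches(pkt: Packet) -> list:
    """What the proxy can check: which in-payload addresses disagree with the
    address the packet actually arrived from."""
    return sorted(name for name, ip in addresses_in_payload(pkt.payload).items()
                  if ip != pkt.src_ip)


def proxy_mark_received(pkt: Packet) -> Packet:
    """End-point style repair (RFC 3261 section 18.2.1): if the top Via's
    sent-by address differs from the packet's source, the proxy appends a
    received= parameter so the reply can be routed back through the NAT.
    The payload's own claims are left intact; only the proxy annotates."""
    m = _VIA_RE.search(pkt.payload)
    if not m or m.group(1) == pkt.src_ip:
        return pkt
    line_end = pkt.payload.index("\r\n", m.start())
    annotated = (pkt.payload[:line_end] + f";received={pkt.src_ip}"
                 + pkt.payload[line_end:])
    return replace(pkt, payload=annotated)


if __name__ == "__main__":
    sent = Packet(PRIVATE_IP, PROXY_IP, SAMPLE_INVITE)
    print("before NAT, mismatches:", header_payload_mismatches(sent))
    arrived = nat_translate(sent, PRIVATE_IP, NAT_PUBLIC_IP)
    print("after NAT, mismatches:", header_payload_mismatches(arrived))
    marked = proxy_mark_received(arrived)
    print(marked.payload.split("\r\n")[1])
```

Run stand-alone, the block reports no mismatches before the NAT and three (contact, sdp_c, via) after it, then shows the Via line with the `;received=203.0.113.5` annotation. The SDP c= line is still wrong for the media path; fixing that needs either the end-point learning its public address (STUN/ICE) or an application-layer gateway in the network rewriting the payload, which is exactly the network-side "smarts" the first post objects to.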