
RE: port blocking (was Re: CELP (was RE:) )



> "Having an encrypted conversation with a stranger may be like meeting that
> person in a dark alley.  Whatever happens, there are no witnesses."  (quote
> is from Blumenthal and Clark, _Rethinking the Design of the Internet: The
> End-to-End Arguments vs. the Brave New World, August 2001)
 
If you need an architectural principle that allows port blocking but still
encrypts your communication, Dave Clark gave better answers in his follow-up
works (not an engineering solution). He called that *controlled
transparency*, in terms of shared trust among multiple untrusted parties.
 
The SIGCOMM 02 position paper made an argument for controlled
transparency, but the details are present in his recent FDNA work
(sections 2.2, 3.2 and 4.1):
 
http://www.isi.edu/newarch/DOCUMENTS/Principles.FDNA03.pdf
Clark, D., Sollins, K., Wroclawski, J., and Faber, T.,
"Addressing Reality: An Architectural Response to Real-World
Demands on the Evolving Internet."
ACM SIGCOMM 2003 FDNA Workshop, August 2003.
 
Technically, Dave Clark's idea is not deployable unless we support multiple
security levels in the form of layers (as a first step, provide access
control to trusted intermediate routers to read selected portions
of the packet headers in a secure and controlled manner. If so, you need a
secure enrollment service between the end system and the trusted routers.)
I am not sure, but the soon-to-be-WG ALIAS should take up these issues.
 
Phil Karn, OTOH, claims that the network should just move his happy packets with
control at the end user (check out his recent NANOG talk.)