Re: Tagging traffic (Was: CPE equipments and stateful filters)
> > again, it is better to be raised in IAB plenary i guess.
>
> It is indeed a much more structural change of how "The Internet" would
> behave, but in combo with the changed usage of IP over the years, future
> assumptions, current ID/LOC proposals, the requirements for tracking
> things etc etc, I guess something like that will one day be the way
> that it will have to go before it turns into a complete and total mess
> that we can't control at all anymore and rampant things like "blocking
> port 25" will become very extremely common place.
(off topic, i know)
in my opinion ID/LOC stuff is all wrong. IP address is always locator
and you have to use X.509 certs or ssh host key for IDs.
IAB has been trying very hard to keep the important design decisions
made by early pioneers. of course some of them have to be updated, but
it is in my firm belief that many of the old sayings are right.
> > that is "signalling for everything" model, i.e. telco model....
> > how can you identify which router between you and www.wikipedia.org
> > you need to contact for a permission to connect?
>
> Same way that eg uPnP does. One can always use mDNS or DNS+DNSSec to
> figure it out, get it through DHCP, a lot of other methods. In a big
> corp network one also already has to figure out what the authentication
> service is anyway at the moment, can use that too, one has to
> authenticate it anyway.
as far as i understand UPnP is on-link only (correct me if i'm wrong).
you do not get my point: there could be multiple enforcement points
that may block your traffic. how can you ask for ALL of them to allow
your http traffic. this is a policy thing so the way how to ask it
could be different, the way how to deploy your proposal would be real
hard just like intserv suffered.
if you know of intserv deployment across huge number of independent
ASes, let me know. i'm curious.
itojun