Subject: more on aka ipv6 Off-the-shelf home remote monitoring system (was Re: [IP] Man in Germany Foils Burglary in Brazil)
Begin forwarded message:
From: Bob Frankston <Bob2email@example.com>
Date: December 15, 2006 11:37:12 PM JST
To: firstname.lastname@example.org, email@example.com
Cc: "'Andrew C Burnette'" <firstname.lastname@example.org>
Subject: RE: more on aka ipv6 Off-the-shelf home remote monitoring system (was Re: [IP] Man in Germany Foils Burglary in Brazil)
Alas V6 is not the answer. I used to be a strong advocate of v6 and it
still has value but it doesn't address the more fundamental problem of
forcing the IP address to act as both the name and the path. It can't -- so
we create the DNS as a stable database but then only lease the name thus
making it even worse.
And even if we fix all that you must be able to have any part of the
Internet act like the whole -- that is fundamental to edge-to-edge (since
end-to-end all too often means womb-to-tomb and peer-to-peer typically means
bit-torrent-like). You can't depend on the backbone even existing let alone
being a provider of names -- that's a fatal dependency which is only
tolerable in today's prototype.
This is why I wrote http://www.frankston.com/?Name=OurInternet - I want to
give a sense of how we can get real E2E by starting at the edge and not at
As to the problems of the NAT, I've come to accept the NAT -- Skype
demonstrates how one can make the NAT, in effect, disappear. Not perfectly
but for the most part one can take responsibility at the edge.
As to security, if we are truly E2E then as long as the path is encrypted
(and we put aside traffic analysis for the moment though one can deal with
that too) then we can take responsibility for security despite that NAT. If
packets go awry then they are lost but not interpretable.
Yes, NATs are a problem but only one of many that we have to overcome.
Corporate firewalls are a far bigger threat, especially when they fight
against E2E security while at the same time ensuring bubble baby
But we don't have to accept NATs as-is -- if you do want V6 why not have
the NATs act as V6 routers? That would seem to be very much within the IETF
scope. After all, a NAT is typically called a home router -- why not make
it a V6 friendly router including taking full advantage of V6 over V4 so
you can do V6 from the edge. V6 is not the answer but at least it is better
than putting @'s into SIP and Email addresses thus making the boundaries
Don't forget you still need to make those V6 addresses known and stable. So
you either put it into the DNS (or a DDNS) or rely on a third party
home-brew DDNS. If those addresses are in the DNS then they are
discoverable and you have real security concerns.
One big feature of my "from the edge" approach using Crypto-GUIDs is that
the names are only discoverable if you choose to make them and you can have
many and associate them with social topologies of your choice.
From: David Farber [mailto:email@example.com]
Sent: Friday, December 15, 2006 01:09
Subject: more on aka ipv6 Off-the-shelf home remote monitoring system (was
Re: [IP] Man in Germany Foils Burglary in Brazil)
Begin forwarded message:
From: Andrew C Burnette <firstname.lastname@example.org>
Date: December 15, 2006 10:16:37 AM JST
To: email@example.com
Subject: Re: Off-the-shelf home remote monitoring system (was Re: [IP] Man in Germany Foils Burglary in Brazil)
The problems with enabling these "any to any" connections into the home are all related to the "stopgap" that is known as Network Address Translation (or NAT). Home connections are assigned a single address, often having many devices connected behind a linksys/dlink/netgear/etc router which simply performs a basic NAT function.
The result is fragile applications written to "get around" the limitations of NAT, and application gateway helpers built into those $49 boxes so many of us have in our homes. All of these bandaids undermine security (due to complexity of code in an application) and diminish functionality of the network as it is capable of if address space were made available for all devices needing one.
Thus, "end to end" communication does not exist on the Internet as we know it today. Why is this? IP address conservation, and limited space in IPv4 addresses. We have legacy "auto manufacturers" with more assigned IP addresses than entire countries in Europe and Asia. The entirety of the cable or DSL offering of Internet service have fewer addresses than some countries.
IPv6 is the unfortunate answer, only because of the extended address space it provides. I call it unfortunate as all IPv6's other [good] features have been backported to IPv4, or are no longer issues (due to three orders of magnitude increase in CPU power and RAM in routers in a decade since IPv6 was solidified).
There is no clear economic benefit for the early adopter, and those companies (ISPs, Carriers, NSPs, etc) are in the weakest financial positions to invest in transitioning to a "bigger" Internet.
Food for thought in any case.
Thanks,
Andy Burnette
Telcordia Applied Research
http://www.argreenhouse.com
David Farber wrote:
Begin forwarded message:
From: Dave Crocker <firstname.lastname@example.org>
Date: December 15, 2006 7:04:11 AM JST
To: email@example.com
Cc: firstname.lastname@example.org, Ross Stapleton-Gray <email@example.com>
Subject: Off-the-shelf home remote monitoring system (was Re: [IP] Man in Germany Foils Burglary in Brazil)
David Farber wrote:
"Businessman Joao Pedro Wettlauser was in Cologne, Germany, on Sunday when he received an alert on his phone informing him that someone had entered his vacation house in Guaruja, 54 miles south of Sao Paulo, police said. He quickly turned on his laptop and, thanks to security cameras connected to the Internet, was able to see a tattooed man stuffing goods into trash bags..."
On the one hand, it is clear that all of the pieces of technology and software for doing this are readily available. On the other hand, I find myself unclear what the necessary details are, for arranging this sort of set up work in a normal home and with normal cell phones, smartphones, laptops, and the like.
As a small example, normal home Internet connections are not very workable for the operation of servers, yet this report described coming *from* the Internet and going *into* the home's resources.
I therefore suspect it would be of community benefit to have some folks suggest the pieces and how to arrange them. This would be for a home with typical DSL or Cable Internet attachment, typical Windows or Macintosh machines, and a user who has good installation and administration skills, but not at the level of programming, or otherwise requiring deep expertise.
Or there might already be some citations to such recommendations.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
-------------------------------------
You are subscribed as firstname.lastname@example.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/