[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
On filibusters as a mode of technical discussion
I'd like to bring this discussion back to a place of a little less fervor and a little more engineering, if I may. I have been staying out of it as much as anything because people really do need to be allowed to say what they think. But...
At the microphone yesterday, I had to cut the discussion off. My reasons were two-fold. One was that we were in the first discussion of several and the meeting time had to be preserved. The other was that successive speakers were saying the same thing, and spending a lot of time saying it. It had the effect of a filibuster, and I'm not in favor of filibusters as a means of getting technical work done.
It comes down to this. We as a community have two views. We would like a free and open Internet in which applications can be designed with an expectation that they can communicate amongst themselves freely. We would also like to have, and have a business need to provide for ourselves, the ability to communicate only with peer applications that have our best interests at heart. The history of humanity says that altruism is not a pervasive trait, and the history of the Internet says that we behave on the Internet the same way we do at home.
My corporate IT folks tell me they drop something on the order of 98% of the email sent to my account, because only 2% behaves in a manner consistent with good etiquette. At the firewall in front of my home I measure a 30 message per second standing load of messages from systems that I have no reason to allow into my home. For me, it comes down to the reason I have a door on my home and it is equipped with a lock. Someone who has a legitimate reason to be in my home also has the manners to knock on my door. If we don't see this on IPv6, it is for the same reason that I don't see viruses on my Mac - it's a sufficiently low value target that nobody is bothering to attack it. As soon as it becomes an interesting target, we can expect folks to attack it. The fact that it is not raining now is not proof that I will not need a roof at any time in the future. Non sequitor.
This draft was commissioned to describe a simple stateful default-deny firewall. What we decided yesterday that it would continue to describe is a simple stateful default-deny firewall. Everyone doesn't have to install one, and we decided as a group that we would have no recommendation whether they should. But for those that choose to install a simple stateful default-deny firewall, this note indicates how that should behave.
If we want to change the intent of the note, that's one thing. But we didn't yesterday decide to change the intent of the note. What we decided yesterday was to permit a second note, perhaps based on draft-vyncke-advanced-ipv6-security, that would describe an alternative security procedure. I would invite that note, and I would invite demonstration of the effectiveness of the mechanisms proposed in providing security.
Let's drop the filibuster. Please. Let's channel all this fervor into making the alternative a really good, and really honestly accurate, note.