
Re: simple security

On Tue, 23 Mar 2010 11:14:00 -0700, Victor Kuarsingh
<victor.kuarsingh@gmail.com> wrote:

> I think that it's premature to assume the "home" network is ready for
> unrestricted connectivity.  The dynamics of the "home" networks are
> changing so fast, that the risks of this environment are not known.

I said we need a ***hole punching*** mechanism.

Without hole punching, application programmers will be stuck with UDP for
peer-to-peer use cases. And that's not good (I'd expect the IETF Transport
Area not to be very happy with that, but IANAAD). No connection semantics, no
error correction, no flow/congestion control. If my memory is not failing
too badly, James Woodyatt also had a companion draft for that purpose. But
it's now a defunct document.

Then there is the proven issue that battery-powered devices cannot cope
with stateful firewalling too well, unless the timeouts are long and
_known_. Typically they are short (especially for UDP). And with stateful
firewalling they aren't known. If the timeouts are not known, the
application ends up making the most pessimistic assumption (i.e. less than
30 seconds). That's not sustainable with the current battery technology,
and won't be for years to come if the experts of that domain are to be
trusted.

-- 
Rémi Denis-Courmont
http://www.remlab.net
http://fi.linkedin.com/in/remidenis
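The keepalive problem in the last paragraph, as an added example that is not part of this message or of the draft under discussion: a toy stateful firewall expires idle mappings, and a client that does not know the timeout has to refresh its mapping at a pessimistic interval, waking the radio thousands of times a day, while a client that guesses a longer timeout than the firewall actually uses silently loses inbound packets. The idle timeouts (30 s UDP as a stand-in for "short"; 7440 s TCP, which is the RFC 5382 minimum for established connections), the 25 s pessimistic interval, the 0.8 safety margin and the flow tuples are all constructed assumptions, not values from the thread.

```python
from dataclasses import dataclass, field

# Constructed idle timeouts for the toy firewall. 30 s for UDP stands in for
# the "short (especially for UDP)" timeouts the mail describes; 7440 s is the
# minimum TCP established-connection idle timeout from RFC 5382 (2 h 4 min).
UDP_IDLE_TIMEOUT = 30.0
TCP_IDLE_TIMEOUT = 7440.0
# Constructed: what a client picks when it cannot learn the timeout
# ("less than 30 seconds" in the mail).
PESSIMISTIC_KEEPALIVE = 25.0


@dataclass
class StatefulFirewall:
    """Toy model of a CPE stateful filter: an outbound packet creates or
    refreshes a mapping; an inbound packet is admitted only while the
    mapping has not sat idle longer than the protocol's timeout."""
    udp_timeout: float = UDP_IDLE_TIMEOUT
    tcp_timeout: float = TCP_IDLE_TIMEOUT
    last_seen: dict = field(default_factory=dict)   # flow -> last packet time

    def outbound(self, flow, now):
        self.last_seen[flow] = now

    def inbound(self, flow, now):
        last = self.last_seen.get(flow)
        if last is None:
            return False                        # no mapping: dropped
        timeout = self.udp_timeout if flow[0] == "udp" else self.tcp_timeout
        if now - last > timeout:
            del self.last_seen[flow]            # idle too long: mapping expired
            return False
        self.last_seen[flow] = now
        return True


def choose_keepalive(known_timeout=None, margin=0.8):
    """Keepalive interval a client can safely use. With a known timeout it
    can wait most of it (margin is a constructed safety factor); with an
    unknown timeout it must assume the worst."""
    if known_timeout is None:
        return PESSIMISTIC_KEEPALIVE
    return known_timeout * margin


def simulate(fw, flow, keepalive_interval, duration, inbound_every=120.0):
    """Run a client that refreshes its mapping every keepalive_interval
    seconds against a peer that sends an inbound packet every inbound_every
    seconds. Returns (radio wakeups, inbound delivered, inbound lost)."""
    fw.outbound(flow, 0.0)
    wakeups, delivered, lost = 1, 0, 0
    t_keep, t_in = keepalive_interval, inbound_every
    while min(t_keep, t_in) <= duration:
        if t_keep <= t_in:                      # keepalive goes out first on a tie
            fw.outbound(flow, t_keep)
            wakeups += 1
            t_keep += keepalive_interval
        else:
            if fw.inbound(flow, t_in):
                delivered += 1
            else:
                lost += 1
            t_in += inbound_every
    return wakeups, delivered, lost


if __name__ == "__main__":
    day = 86400.0
    udp = ("udp", "192.0.2.10", 5000, "198.51.100.7", 5000)   # constructed flow
    tcp = ("tcp",) + udp[1:]
    # Unknown timeout: the pessimistic keepalive keeps the mapping alive, at a price.
    print("udp/unknown", simulate(StatefulFirewall(), udp, choose_keepalive(), day))
    # Guessing a longer timeout than the firewall uses loses inbound packets.
    print("udp/guess60", simulate(StatefulFirewall(), udp, 60.0, 600.0, inbound_every=100.0))
    # Known, long TCP timeout: a handful of wakeups a day.
    print("tcp/known  ", simulate(StatefulFirewall(), tcp, choose_keepalive(TCP_IDLE_TIMEOUT), day))
```

The three runs make the trade-off concrete: with an unknown UDP timeout the client wakes about 3,500 times a day to keep one mapping open; guessing 60 s against a 30 s firewall delivers every packet that happens to arrive soon after a keepalive and drops the rest; with a long, known TCP timeout the same traffic costs about fifteen wakeups a day, which is the case the mail argues hole punching should make available.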