Re: HTTP 2.0 mandatory security vs. Amateur Radio

On Thu, Nov 14, 2013 at 11:58 PM, Bruce Perens <> wrote:

>  On 11/14/2013 11:49 PM, Roberto Peon wrote:
>  When I think about how we got here, I'm fairly certain that there is no
> MUST we could put into a document or spec, and there is no social
> engineering that would have prevented us from reaching the state that we're
> in today w.r.t. middleboxes.
> It seems to me that the major employment of firewall rules is to protect
> from the unknown. We don't know what legitimate traffic would ever be on
> that port, so we block it.
> It is a solvable task to teach that this practice breaks the internet, and
> to promote better practices. I don't see that it would be impossible to do
> this with MUST rules in a specification, although that isn't the only means
> available.
> The problem of port 80 traffic being handled incorrectly becomes much less
> important if other ports are available.

Sure, I agree with the premise that we'd be in a better state if ports were
But that seems like an educational problem, not a mechanical problem, and
as such I am dubious about it being solvable in any near or medium-term
timeframe (it takes 5+ years to get hardware replaced normally, I think?),
assuming it is solvable at all.
(Looking at education for even simpler things, apparently education is an
extremely difficult problem...)

I am in no way opposed to people trying to go down that path, of course...


Received on Friday, 15 November 2013 08:14:30 UTC