Two related links I'd like to share with you. Both illustrate another viewpoint on the end-to-end principle.
From my brother comes this irridescent infomation opal:
VoIP hackers gut Caller ID
Hackers have discovered that implementation quirks in Voice over IP make it easy to spoof Caller ID, and to unmask blocked numbers. They can make their phone calls appear to be from any number they want, and even pierce the veil of Caller ID blocking to unmask an anonymous phoner's unlisted number.
... [Caller ID in the PSTN] relies on telephone equipment at both ends of the call being trusted: the phone switch providing you with dial tone promises not to lie about your number to other switches, and the switch on the receiving end promises not to reveal your number if you've asked that it be blocked.
I'd argue with the headline. A better one might be "PSTN identity scheme proves hopelessly insecure, incapable of transition into decentralized communications era". The real lesson, though, is a corollary to the end-to-end principle. It is not just the application smarts you don't want to embed in the network. You also must decentralize the trust model too. (So you mustn't rely on network nodes being predictably dumb and free from malice.)
Transitive trust doesn't socially scale beyond your village. If Alice trusts Bob, and Bob trusts Charlie, then Alice may choose to trust Charlie. If Charlie misbehaves, and Charlie is a close neighbor of Alice, then Alice can tell all of Charlie's friends what a stinking rotter he is. But if instead of Charlie it's Mr Chang from China [no offense to Chinese readers intended], Alice can complain as much as she likes, Mr Chang's friends aren't listening.
Our next gleaming semi-precious lump of infocrystal comes courtesy of /.:
Appeals Circuit Ruling: ISPs Can Read E-Mail
The US Court of Appeals for the First Circuit (covering Massachusetts, Maine, New Hampshire, and Rhode Island) has ruled that e-mail providers are not violating the law by reading users' e-mail without the user's consent. The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted.
So, not only should you not trust the network to transmit your packets unmolested, you shouldn't even trust the network to keep your data private.
So perhaps the end-to-end principle needs some refinement. Not only is it imperative that the application layer exists at the edges and the middle is dumb transport. It is also imperative that the network edges actively collaborate to prevent the middle from being anything other than dumb transport.
Posted by Martin Geddes at 11:32 PMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/268