
Username: Aetius
Date/Time: Tue, August 15, 2000 at 12:20 AM GMT (Mon, August 14, 2000 at 7:20 PM EST)
Browser: Microsoft Internet Explorer V5.01 using Windows 98
Score: 5
Subject: Re: IP solution for Dial-Up Users

Message:

>NFS, let connections stay while offline, running servers ...
>All but the last require static IP addresses. And these are legitimate
>requirements. Dynamic DNS does solve the server problem partially.
>It's still not possible to call out from the ISP without having
>a static IP address for each server.

My point is that these are analog *dial-up* users -- those who need static IPs can get them (for a price), but the vast majority don't need it.  I would argue that anyone exposing NFS to the Internet has got to be certifiable -- but your point is taken there, in the case of a more secure protocol.  I'm not sure what you mean by "call out" from the ISP.

>I think that uniquely identifying a dial-up user would merely provide
>a much easier way for people to be tracked and identified on-line.

>I see no reason for such an identification request.

Neither do I -- but someone would figure out something to do with it if it was available.  I don't want that to happen.  It's bad enough that high-speed users are easily identifiable;  we don't need to make things worse.  Anonymity is one of the keystones (and banes) of the Web.

>Communication solutions already exist -- there is no need to make the
>spammer's job easier.

>Why do you assume, static IPs or names ease the life of a spammer?

Because a static name is a better target.  Would you rather have a list of email addresses that loses value over time as people move around, or a single, static address that is unlikely to change even if the person changes ISPs?  A static target has more value than a transient one -- not only is your email likely to remain the same, but your habits would be much easier to follow and target advertising.

>And what about people who have multiple
>computers logged in at the same time, or multiple computers behind a
>dial-up line on an ipmasq server? How would they be identified?  How
>would you handle multi-link ppp users with two, three, or five lines
>dialed up?

>The current solution works fine. It will work fine even in the case
>of static IPs and names. There is no need for Identification by
>address in the Internet. (Of course, there are marketing guys ...)

The current solution is a hack.  Other than that, I think you are pretty much correct.  Let's say I have fifty users behind an ipmasq server.  All of these users' "unique identifiers" are tracked to the same IP. Great for anonymity (sort of) but not so good for uniquely identifying each person -- which was what he was trying to do.  Worse yet, one of those users dials out on their modem to another ISP -- and now the user's unique ID exists in two places. Ouch.


>The overhead would be incredible, to maintain a dynamic system for
>the millions of dial-up users.  And remember that computer networks
>do not like things being addressed exactly the same -- tends to cause
>all kinds of neat (and ulcer-inducing) things to happen.

>Please read IPv6. It offers several solutions.

I *have* read IPv6.  Tacking a user's MAC address on at the beginning of a modified IPv4 address, changing everything to hex, and calling it unique is... well... not what I would have chosen. :)  Leaving aside completely the privacy and security concerns, bringing a data-link layer ID into the network and transport layers is a solution that at the very least needs to be carefully examined.

I don't think that IPv6 is the solution to our problems.  I don't think that having every device in the world on the Internet is the solution to our problems.  Introducing complexity is always a dangerous thing. Doing it in such a way that almost guarantees problems (both technical and political) is just dumb.  Make no mistake -- IPv6 is very complex.  Manual configuration is discouraged.  Address assignment is by stateless broadcast -- *that* ought to be interesting; here, let me just connect to your wireless network.  You think tracking someone is hard now on the Internet?  Wait till I write a program that drops my interface, changes my MAC address, then plugs back in and gets a new address -- every, say, 10 minutes.  On 300 interfaces.  That are mobile.  That I'm using to scan your webserver for vulnerabilities.  That belong to someone else. :)

It also has some cool advantages.  Numberspace is obvious; the stateless configuration would be great for a flexible, dynamic environment -- much less of a hassle when security is not an issue, and assuming you have a router available.  Built-in IPSec (yay!).  Less load on routers, and more control over what goes where.

My argument is that we really need to take a good long look at what we're doing here.  You said it yourself; there is no need for Identification by address on the Internet (I would add "for the average user" -- servers of course being the exception).  Yet that is exactly what IPv6 does, and what this gentleman's dial-up idea would do as well.  I fundamentally disagree with that.  I don't have a solution to offer in its place, except what is currently being done, which will probably be inadequate soon.  That's why I'm a member here.

Aetius
     

 

