[dns-operations] [dnssec-deployment] [dns-wg] Re: .SE releases report on consumer broadband routers

Dave Piscitello dave at corecom.com
Mon Mar 24 15:22:37 UTC 2008


I seriously doubt that any vendor would sell a product under the 
category "Middle Boxes". Middlebox is an abstraction (see RFC 3234?). 
Certain broadband access devices (oh, my, the acronym "BAD" applies 
here!) are real world implementations of that abstraction.

At the consumer/broadband level, precision with respect to technical 
language is wholly disregarded in favor of something familiar (router or 
firewall, in this case, and remarkably so) or something that sounds 
impressive (the NetScream TurboAccess Millenium 4000 FX).


Patrik Fältström wrote:
> 
> On 26 feb 2008, at 11.18, Stephane Bortzmeyer wrote:
> 
>> If they mess with DNS data, they are not routers (a layer 3 device,
>> neutral with respect to the content), they are middleboxes (a layer 1
>> to 9 device, able to break anything).
> 
> Well, it is more complicated than that. Many people do think that NAT 
> boxes are layer 3 devices, and if you have a double-nat mechanism then 
> "messing around with DNS packets" is a needed feature. Sure, then one 
> start walking from layer 3 towards layer 9.... But...
> 
> Anyway, this is not when we should fight about wording. We all know what 
> we talk about, and I think we should thank Patrik and others what they 
> have done.
> 
>    Patrik
> 
> 
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: 
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dave.vcf
Type: text/x-vcard
Size: 220 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080324/77ab7aed/attachment.vcf>


More information about the dns-operations mailing list