A 100.000 foot perspective on "what is the problem"

Melinda Shore mshore@cisco.com
Mon, 16 Dec 2002 12:35:38 -0500 

Just to clarify, I wasn't referring specifically to Jonathan
in my comments about STUN, who's clearly functioning in good
faith and with a concern for doing the right thing, but to
the leapers-oners.  I apologize for any lack of clarity
about that in my comments.

Also, to get closer to the topic at hand, I do think it's a
mistake to publish "interim" protocols that don't have
specific transitional value.  Either a protocol can stand on
its own merits or it can't, and clearly if a protocol
catches on and becomes widely deployed it's likely to be
with us for a long, long time regardless of what the
original intent was.  So, in the future let's either publish a
protocol or not publish a protocol and forget about this
"interim" stuff.

> Melinda, engineering is not a discipline of absolutes. There is no such 
> thing as an architectural nirvana. Engineering is about the art and 
> science of tradeoffs. A good engineer is one that understands the 
> various axes involved in a tradeoff, and objectively weighs them against 
> each other.

We tend to weigh this bit against that bit, but (and this is
something that's a *huge* problem when talking about
security) it's necessarily the case that when trying to find
a balance, present utility outweighs future hypothetical
problems.  This is where the question of who our audience is
comes into play, as well as (to a lesser extent) the
question of whether we're a standards body or an engineering
body (and there's a balance to be struck there, as well).  I
think it can be argued that the balance we're talking about
in many cases revolves more around need vs. *potential*
(i.e. not actual) problems rather than engineering per se.

In the case of NAT the problem is *so* pressing and we
haven't come up with a "good" answer, and so the need for
STUN clearly outweighs any future potential problems.  The
difficulty, however, is that in the future it's clearly
going to be more attractive to keep adding stuff to STUN
than it is to adopt a completely new protocol, regardless of
potential security or architectural problems.  

Melinda