See correction at end of article
On Sept. 15, 2003, engineers at Verisign pressed a button and launched SiteFinder, a service that directed Web users who mistyped
.com or .net Web addresses to a VeriSign search engine rather than the usual “page not found” error message.
Within minutes, the new code rippled through the worldwide .com and .net domain name routing infrastructure, which VeriSign
controls. Within hours, according to the Internet Corporation for Assigned Names and Numbers (ICANN), it had begun interfering
with and in some cases rendering inoperable many spam filters, e-mail applications, and sequenced lookup services designed
to expect the prior error message protocol.
Within days, a public outcry from the technical community and ISPs — who had scrambled to write work-arounds to the new code
— forced ICANN to demand the withdrawal of the new service, claiming it “substantially interfered with some number of existing
services” and “considerably weakened the stability of the Internet.” On the night of Oct. 4, VeriSign pulled the plug.
Future historians may call this episode the Pearl Harbor of the Web. For many, it was the strongest indication yet of a war
that’s begun over the Internet’s future — a war that pits innovation against stability and security, commercial interests
against technical communities and regulatory bodies, and proprietary initiatives against consensus protocols.
Site Finder exposed a key battleground: Should more intelligence be added to the Internet’s core to bolster performance and
security, or will adding intelligence to the core clog up the Web, limiting innovation and undermining the so-called universal
end-to-end connectivity principle?
“The commercialization of aspects of the network has led to forces like the VeriSign one, and of course, I’m not happy at
all about that,” says Vint Cerf, senior vice president of technology strategy at MCI, and widely known as one of the fathers
of the Internet for his role in designing the TCP/IP protocols. “They’ve gone in and changed the core functionality of the
Net, and for most of us, that’s just unacceptable.”
Counters VeriSign’s CEO Stratton Sclavos: “People who believe that change at the core is not a good thing have good intentions
… but perhaps have lost their way about the realities of what this network is today and what it must become.”
Goodbye to the end-to-end principle?
The VeriSign development came on the heels of other incidents that seemed to indicate the Internet’s vaunted end-to-end principle’s
days were numbered. In August, some ISPs blocked Port 135 in response to warnings that hackers could use it to exploit a vulnerability
in Microsoft Windows’ RPC (Remote Procedure Call) protocol. Although many enterprises and end-users had already blocked Port
135, some were still using it — for example, to connect Microsoft Outlook to Exchange Server — and found themselves cut off.
Other incidents, according to Fred Baker, a Cisco fellow and former chairman of the Internet Engineering Task Force, have
included third-world countries outlawing VoIP (voice over IP) traffic for economic reasons and China Telecom disabling DNS
access to specific end-users’ servers for political purposes. All these incidents violate the end-to-end principle, in which
end-users and applications know what’s happening throughout the network and are able to leverage known end-to-end protocols.
According to Cerf, the balkanization of the Internet and the erosion of end-to-end visibility has been under way for a decade,
thanks to escalating security threats and rapid Internet growth. Cerf points to the wholesale deployment of increasingly intelligent
devices such as stateful firewalls and NAT boxes that increasingly block or translate network traffic under certain conditions,
stymieing the end-to-end principle. NAT boxes allow ISPs and enterprises to work around the growing scarcity of IP addresses
by letting many computers share the same address.
“Architectural purists like me consider NAT boxes to be a form of abomination,” Cerf explains. “They make it look [to end-users]
like the network is still functioning on an end-to-end basis, but what they don’t know is that there’s this guy in the middle
madly translating.”
NATs and the middleware written to accommodate them, Baker adds, make it difficult for new applications to use the Net without
being specifically tuned for a given local environment.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
