Dear James,

Yes, we both know that improvements have been made and you have indicated a great knowledge of the groups of protocols we know as TCP/IP. I agree we have made inroads since the early inception of the protocols - however you understand that - particularly Windows relies on the ability we have within the protocol for escalation of authority, which we can never fundamentally change as we are dependent on this at the client PC. The main issue in this article is the ability to escalate authority. Yes, I agree with you HTTP/SSL where we can dump 'r' commands.

With your obvious knowledge I think you will agree that our only escape from the innate issues about the protocol are solved with TCP/IP V6. You know as well as I do that the world root servers run TCP/IP V6. The issues of escalation have been dealt with in V6 - however world wide adoption of V6 at the client end will take decades.

We with Suse Linux attribute our security because it runs on V6. There is mass translation in the product as you well know, and if you run your own DNS server, any enquiry made to another DNS server; if it can communicate by V6 IT WILL. This is very easy to see when you look at a real time log of the DNS server created in a Suse Linux platform. It's not hard to log all activity into the system log and view it.

Thank you for bringing sensible and constructive conversation about comms issues. It is nice to be able to discuss comms with another who has an understanding of its role.

Have a great day James Scott ;-)

James Knott wrote:
I'm not quite sure where to start, but there are a lot of errors in your message.
Registration Account wrote:
TCP/IP, I am sorry, will go down in history as the most insecure and worst collection of protocols ever conceived.
Some protocols aren't that great. Others are fine and some have been fixed.
The origins of TCP/IP are well known as it was created by the US Government and Bell Labs in 1979. It was to provide a vehicle that could network US Military missile silos and internal comms.
It was developed on behalf of DARPA, a defence dept research organization as a result of investigations into robust networks that could survive a fair amount of damage. It was initially used to link the military and research institutions, such as universities.
It was abandoned because the protocol was subject to potential abuse and not considered a secure comms protocol.
I think you need to have a look at the beginnings of TCP/IP and realise why it was dumped. http://64.233.167.104/search?q=cache:CCf8DOW0v1QJ:csrc.nist.gov/publications/secpubs/ipext.ps+tcp/IP+fails+bell+labs&hl=en&ct=clnk&cd=5&gl=au&client=firefox-a
That article was written 14 years ago. A lot has happened since then. Some of the things it discusses have been replaced by more secure methods, such as the "r" commands with secure shell etc.
But so much money was spent on development, Microsoft saw an instant market for its use. TCP/IP because of its flexibility provided the vehicle for the world wide web which was essentially meant to transfer information. As the web grew the issues of innate design flaws in the protocol needed patching up to provide HTTP/SSL.
MS initially resisted it and Windows 95 was originally planned to not use it. It was only after many other companies started adopting it, that MS did as well. For example, OS/2 had it included with Warp 3, which was released in 1994, more than a year before Windows 95. Novell was also starting to work with it then too.
It is important to realise that TCP/IP fundamentally failed as a secure comms transport because of the ability for an intermediate intercept being not only able to join a data stream from A - B, but moreover was capable of permitting a third party to escalate their own authority, despite not being a part of the communications from A - B.
In Australia we will NOT use TCP/IP for government or direct banking requirements. That's why we don't worry about massive amounts of data being hijacked. You will recall the latest computer fraud in the USA where a merchant lost over 200.000 customer credit details etc.
http://www.merchantaccountblog.com/archives/268 http://www.google.com.au/search?q=data+loss++in+us+merchant+in+2007&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
ALL government mainframes and law enforcement use SNA here and we are not about to dump it in the short term. We don't have data hijacking in this country as a result.
With respect to token ring - do not dismiss the topology as it is capable of carrying many transport layers. The issues of speed that have been talked about are wrong. Token ring submits 1 token at a time - it does not use multiple tokens. The topology is dependent on the speed it takes from 1 token to pass the logical LAN with many LANs coming from different routers (not MAUs). Speed issues have improved out of sight since original design. The major issue early on was that the cable that token ring requires is as expensive as hell; unshielded twisted pair is as cheap as chips. http://www.google.com.au/search?q=token+ring+multiple+protocols&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Ethernet also used fairly expensive cable initially.