[ih] "Gateway Issue": End-Middle Interactions
Jack Haverty
jack at 3kitty.org
Sun Oct 6 11:55:42 PDT 2024

Recent discussions on this list reminded me of another issue that was on
the ICCB's "things we need to do" list in the early 1980s.

My ancient notebook just lists something like "control mechanisms".

Here's what I remember about what that meant on the 1980s ICCB to-do
list as I feverishly worked to copy it off some whiteboard:

---------------------

Issue: End-Middle Interactions

Within the Internet, activity generally involves some kind of
interaction between computers over a TCP connection. At each end, a
program is running under the control of one of that computer's Users,
who has been identified by some scheme involving a password and then
verified as authorized to use the Internet. Some users access remote
computers by a connection from their terminal to a TAC (Terminal Access
Controller), which also requires password authentication from each
User. Additionally, various projects are creating mechanisms to permit
such TCP connections to be protected by encryption techniques. The
Internet architecture provides mechanisms whereby Users can be reliably
identified and authorized to use the Internet, with their interactions
protected against interference or disruption by outsiders.

However, such "End-to-end" communications also involve considerable
"End-to-Middle" ancillary, but critical, communications. One example
is some of the ICMP interactions, e.g., between a gateway somewhere in
the Internet and a TCP running in a Host computer. Another is the
interactions performed by the ARP mechanisms, which enable an IP address
to be associated with the appropriate LAN address.

Such interactions are examples of End-to-Middle communications. They are
necessary elements involved in setting up and operating every TCP
connection. As such, each End-to-Middle communications pathway should
be identified, and suitable mechanisms be defined and implemented for
each End-to-Middle information flow to provide adequate protection
appropriate to the protection methods used for TCP connections.

---------------------

Since the early 1980s, many more End-to-Middle mechanisms have been
created. Some of them seem to have been examined and protection
mechanisms defined (e.g., DNSSEC, HTTPS, SSL, TLS, etc.). But I don't
know how well they've been designed and implemented or how extensively
they've been actually deployed throughout the Internet.

Also, usage patterns of the Internet have changed significantly. We no
longer just type at terminals and transfer files. Humans are no longer
the only Users. Perhaps they're not even the dominant User community.
There's a lot of Servers out there, madly and constantly talking to each
other for their own missions. Servers are Users of the Internet too.

Some End-to-Middle mechanisms don't seem to have changed much. The ARP
interactions which we exploited in the 80s to create the debugging tool
"Flakeway" seem to still exist. I've been told it has even become a
critical element of NAT implementations.

With the explosion of "applications" that use TCP, new End-to-Middle
interactions have been introduced. An example is in the Email Service,
where Headers now contain all sorts of information, placed there by all
sorts of actors along the way, presumably for use by all sorts of other
actors in other places. Whether and how all these information flows
are authenticated and protected is unclear to me at least.

But all such End-to-Middle information flows are important to us Users,
even the Servers. Even if we don't know it.

Jack Haverty