Re: [apps-discuss] AJAX is the new NAT

Carsten Bormann <> Wed, 23 March 2011 20:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B1A0728C0F9 for <>; Wed, 23 Mar 2011 13:20:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -104.341
X-Spam-Status: No, score=-104.341 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7Vrnk3ca3T5j for <>; Wed, 23 Mar 2011 13:20:42 -0700 (PDT)
Received: from ( [IPv6:2001:638:708:30c9::12]) by (Postfix) with ESMTP id BFF1A28C0F1 for <>; Wed, 23 Mar 2011 13:20:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id p2NKM6SK021352 for <>; Wed, 23 Mar 2011 21:22:06 +0100 (CET)
Received: from [] ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 828A75EE; Wed, 23 Mar 2011 21:22:05 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Carsten Bormann <>
In-Reply-To: <>
Date: Wed, 23 Mar 2011 21:22:02 +0100
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <>
To: Apps Discuss <>
X-Mailer: Apple Mail (2.1082)
Subject: Re: [apps-discuss] AJAX is the new NAT
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 Mar 2011 20:20:43 -0000

So, AJAX appears to be the new NAT.

(For those who weren't there in the 1990s: the IETF closed their eyes
with respect to the emerging pervasiveness of NATs and continued
designing protocols that ignored NATs and then didn't win.
I was hoping we would never do that again.)

(For those who weren't there in the 2000s: AJAX has indeed made the
browser a useful application delivery platform.  Once a node can
control the code on *both* communicating peers, it can do interesting
things without having to standardize much, as shown in RFC 3320 and as
demonstrated nicely in AJAX.  If you read German, there is even a
somewhat dated book from 2005 still online at the initial chapters
of which explain why this form of mobile code is winning.)

Now for 2011:

What we need to do is acknowledge that AJAX has happened.

The Web hasn't been "hypertext" for a long time now.  With all the
negative (and not so negative) effects, which were nicely tabulated by
Mark Nottingham in this thread.

What we also need to do is help steer the standards-based foundation
so that it encourages each and every single developer to favor
standards-based (or standards-like) APIs/protocols even in this brave
new world.  The persistence of REST in the AJAX world has helped a
lot; other, community-driven standards such as JSON have even been
picked up by the IETF (even though RFC 4627 is labeled Informational).
But, for example the rigid same-origin policy of the existing browser
world makes standards-based APIs less useful though -- AJAX apps can
only use their own servers' APIs, so there is less incentive to offer
AJAX APIs for consumption by other apps/clients.

The IETF needs to *help* the AJAX world, not close our eyes again.
Help AJAX get better, get more secure.  Get more standards-based, more

Gruesse, Carsten