Re: [apps-discuss] AJAX is the new NAT

"Peterson, Jon" <> Wed, 23 March 2011 21:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 438233A6957 for <>; Wed, 23 Mar 2011 14:47:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -106.566
X-Spam-Status: No, score=-106.566 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IvOp69u-88ok for <>; Wed, 23 Mar 2011 14:47:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 931943A6934 for <>; Wed, 23 Mar 2011 14:47:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=neustarbiz; t=1300916933; x=1616257663; q=dns/txt; h=From:Date:Subject:Message-ID:Content-Language: Content-Type:Content-Transfer-Encoding; bh=BF20mwOLlSaBCB6BvHPaU S1ErEfXkTNwgj1UZOuxjyc=; b=a2RWn8S+vDPpz1L/N8qVkDHXu6gp0WZmF1Jxl qkaxI8YyNx4Bf2ka7fsf046ECHzYeZH4b3OCLvAa8KyBvfq0g==
Received: from ([]) by with ESMTP with TLS id 5202415.35876581; Wed, 23 Mar 2011 17:48:52 -0400
Received: from ([fe80::31b6:4d09:2ada:e6c0]) by ([::1]) with mapi; Wed, 23 Mar 2011 17:48:51 -0400
From: "Peterson, Jon" <>
To: Marc Petit-Huguenin <>
Date: Wed, 23 Mar 2011 17:48:50 -0400
Thread-Topic: [apps-discuss] AJAX is the new NAT
Thread-Index: AcvppBkO9/IAqVe6TveQShOGTAPxoA==
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: DfCkrmtEEZByYfKX9et5ZA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Apps Discuss <>
Subject: Re: [apps-discuss] AJAX is the new NAT
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 Mar 2011 21:47:25 -0000

I don't think the IETF started working on NATs because we all woke up one morning and decided that NATs were a great benefit to the Internet after all. We started working on NATs because we recognized that market forces well out of our control had selected NATs as a part of the Internet, whether we liked it or not. When we do our work, we have a choice: do we want to make the Internet better, or make better an imaginary network that embodies what we ideally want the Internet to be?

To the argument that javascript leads us back to the innovation-crippling "telecom model," and that building applications on top of the web is inherently antithetical to end-to-end principles, I can only say that numerous small developers seem to leverage the web ecosystem today for their business, and that although there are giants in the web field who collect the lion's share of the revenue, the same seems to be true in the routing vendor business, say. If we do our job in the IETF, and build tools that will support security, scalability and interoperability in the web space, I don't think this design space poses any greater danger to the end-to-end model than we see elsewhere in the IETF. If we neglect our responsibilities in this space, however, and then probably lower-layer components will adopt non-interoperable working parts, and we will drift closer to the forecasted "splinternet." The discussion in RTC-Web about the potential for interoperability between different web VoIP services throws this into painful relief.

Jon Peterson
NeuStar, Inc.

On Mar 23, 2011, at 2:13 PM, Marc Petit-Huguenin wrote:

> On 03/23/2011 01:22 PM, Carsten Bormann wrote:
>> So, AJAX appears to be the new NAT.
>> (For those who weren't there in the 1990s: the IETF closed their eyes
>> with respect to the emerging pervasiveness of NATs and continued
>> designing protocols that ignored NATs and then didn't win.
>> I was hoping we would never do that again.)
>> (For those who weren't there in the 2000s: AJAX has indeed made the
>> browser a useful application delivery platform.  Once a node can
>> control the code on *both* communicating peers, it can do interesting
>> things without having to standardize much, as shown in RFC 3320 and as
>> demonstrated nicely in AJAX.  If you read German, there is even a
>> somewhat dated book from 2005 still online at
>> the initial chapters
>> of which explain why this form of mobile code is winning.)
>> Now for 2011:
>> What we need to do is acknowledge that AJAX has happened.
>> The Web hasn't been "hypertext" for a long time now.  With all the
>> negative (and not so negative) effects, which were nicely tabulated by
>> Mark Nottingham in this thread.
>> What we also need to do is help steer the standards-based foundation
>> so that it encourages each and every single developer to favor
>> standards-based (or standards-like) APIs/protocols even in this brave
>> new world.  The persistence of REST in the AJAX world has helped a
>> lot; other, community-driven standards such as JSON have even been
>> picked up by the IETF (even though RFC 4627 is labeled Informational).
>> But, for example the rigid same-origin policy of the existing browser
>> world makes standards-based APIs less useful though -- AJAX apps can
>> only use their own servers' APIs, so there is less incentive to offer
>> AJAX APIs for consumption by other apps/clients.
>> The IETF needs to *help* the AJAX world, not close our eyes again.
>> Help AJAX get better, get more secure.  Get more standards-based, more
>> open.
> The greedy corporations who sold NATs to fix a problem that could have been 
> fixed the right way, but with less money in their pocket, ruined the Internet 
> for everybody.  The same thing is happening today with a bunch of hyperactive 
> people who still do not understand why it is wrong to copy the user input 
> directly in a database query and want their fabulous application deployed in the 
> next 5 minutes.  You do understand that we are going back to the telecom model, 
> intelligent network, dumb terminals, lots of money in their pockets, not much in 
> ours, right?  Why smart people like the IETF want to be sure that in a close 
> future they will never ever again been able to invent a new application that 
> does not go through the servers of a few powerful corporations answering only to 
> their shareholders is beyond me.
> Yes, the end to end argument is dying, but what are we doing about this problem, 
> is the right question.  Not how a chain saw is a better tool to cut the branch 
> we are perched on.
> -- 
> Marc Petit-Huguenin
> Personal email:
> Professional email:
> Blog:
> _______________________________________________
> apps-discuss mailing list