title: Almost a joke

 

by: Scott Bradner

 

Since at least the late 1970s it has been a tradition in the Internet Engineering Task Force (IETF) to publish April Fools Day RFCs.  Starting with the Telnet randomly-lose option (RFC 748) in 1978 and continuing to the present day the RFC Editor has published real looking but bogus technical specifications on the first of April of most years.   The purpose of these ersatz standards is to entertain and, sometimes, to make a point.

 

The most well known of the these April Fools Day RFC is the 1990 "Standard for the transmission of IP datagrams on avian carriers" (RFC 1149), which was updated 9 years later by RFC 2549, "IP over Avian Carriers with Quality of Service."  These are parodies of the rush to run the Internet Protocol over just about any type of media -- in this case carrier pigeons. But they can be also used to see if a router or host vendor is paying attention.  Last year a European firm issues a Request for Proposals that listed a large number of IETF RFCs and asked that bidders indicate which ones they supported.  RFC 1149 was one of the listed RFCs.  A number of would-be vendors checked the box to indicate they supported the technology but at least two vendors were not fooled.  Juniper Networks said that the RFC "was not serious" and Cisco said they only supported the technology April 1st.

 

This year three April Fools Day RFCs were published:  RFC 3091 "Pi Digit Generation Protocol" which describes a service that generates the value of Pi for hosts that can not do it for themselves, RFC 3092 a scholarly treatise on the "Etymology of "Foo"", and RFC 3093 written by Harvard graduate student Mark Gaynor and me on a "Firewall Enhancement Protocol (FEP)." (All IETF RFCs can be obtained through the IETF web site at www.ietf.org.)

 

 This RFC is also a parody but one which a number of people have already pointed out may be a bit too close to the truth for comfort.  We describe a way to run the Internet protocol suite over the transport protocol for the world wide web (HTTP).  Our stated rational for this is the growing number of firewalls, which generally pass HTTP unmolested, being used by enterprises are inhibiting the ability of the people behind the firewalls to try out new applications.  In the RFC we claim that the FEP does not change the security barrier created by a firewall since firewalls are generally ineffective if the attacker has a confederate on the inside.

 

There is a serious point lurking beneath the humor.  The dynamic growth of the Internet was driven by the thousands of new applications whose development was enabled by the wide open Internet.  Now legitimate security worries are placing barriers in the net.  But these barriers do slow innovation and the net is the worse for them.

 

disclaimer:   Humor, or what passes for humor at the Lampoon, has been an undercurrent at Harvard for a long time but the University was not involved in the above joke.