W3C home > Mailing lists > Public > ietf-discuss@w3.org > August 2001

Re: Use ofHTTP to pass firewalls

From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Mon, 13 Aug 2001 19:36:25 -0400
Message-Id: <200108132336.f7DNaPO08282@nic-naa.net>
To: jpalme@dsv.su.se
cc: discuss@apps.ietf.org

I don't plan on following this thread in discuss@apps.ietf.org.

It was the subject of discussion at the Apps Area Open at IETF-44,
at least in its transport aspect.

From the end2end-interest list, with permission of the author.


------- Forwarded Message

Thread-Topic: [e2e] Fwd: Camel's nose in the tent
Thread-Index: AcEkQAUWrIV+7hbwSeOw5h++zDr35AAA9ZLw
From: "Christian Huitema" <huitema@windows.microsoft.com>
To: <end2end-interest@postel.org>
List-Archive: <http://www.postel.org/pipermail/end2end-interest/>
Date: Mon, 13 Aug 2001 15:08:30 -0700

The business of filtering based on port numbers is rapidly getting
insane: blocking incoming 80, "transparent proxy" of outgoing 80,
blocking 25... I think we should rewrite the browsers and SMTP agents to
use alternate ports, picked more or less at random. In fact, we already
have the tools to do that with the SRV records. I can think of a
filter-breaker that will first try to access www.example.com:80, and if
that breaks for any reason, try to resolve "_http._tcp.www.example.com
IN SRV" -- et voila, alternate port number, filtering is defeated...
Same could work for mail, etc.

- -- Christian Huitema

------- End of Forwarded Message
Received on Tuesday, 14 August 2001 10:00:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:38:01 UTC