W3C home > Mailing lists > Public > ietf-discuss@w3.org > August 2001

Re: Use ofHTTP to pass firewalls

From: Keith Moore <moore@cs.utk.edu>
Date: Tue, 14 Aug 2001 12:40:31 -0400
Message-Id: <200108141640.MAA22562@astro.cs.utk.edu>
To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
cc: jpalme@dsv.su.se, discuss@apps.ietf.org 
If we used SRV records to pick ports then the firewalls would just
intercept DNS queries to know which ports to intercept, and this
would just create a bigger mess.  Especially given that NATs do 
something like this already.

end-to-end IPsec would help, but it's really difficult to deploy.

it would also help if software vendors stopped shipping apps 
that were vulnerable to network-borne viruses.

IMHO, standards should say that an app MUST NOT present downloaded
content unless the security considerations for that content-type
and application had been studied and any known threats ameilorated.

Keith
Received on Tuesday, 14 August 2001 12:41:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:28 GMT