- From: Matthew Squire <Matthew_Squire@BayNetworks.COM>
- Date: Fri, 24 Jul 1998 14:46:55 -0400
- To: www-http-ng-comments@w3.org
Jim, Henrik -

I wanted to throw in a quick comment on SMUX. The possibility of an SMUX protocol (or something similar) has me worried. Specifically, the goal:

"* allow multiple protocols to be multiplexed over same TCP connection"

It's a beautiful goal in an ideal world, but a great many of us spend our electronic lives behind firewalls. The possibility of combining multiple protocols over a single TCP port is perpendicular to the basic premise of firewall security. In order to do per protocol policy enforcement, I would have to scan the TCP SMUX stream, jumping from one smux header to the next while checking the protocol (killing the TCP connection on violation, or worse, trying to adjust the TCP windows). If I have more than one firewall into my site, then I can't do it at all because I might not see the whole stream.

The only realistic option that I have, as both a builder of routers and as a site administrator, is to not allow the SMUX protocol across a firewall. If SMUX isn't allowed across firewalls, then it won't reach businesses, and if it can't reach into businesses, what's the point?

Unless we either restrict the protocols to http/http-ng, or come up with an easy way to apply per protocol filtering, then I can't see how this idea will float. Unfortunately, the latter requirement seems to degenerate into something along the lines of sharing congestion info across TCP control blocks (rfc 2xxx).

Of course, this is just one opinion...

- Matt
Received on Friday, 24 July 1998 14:40:22 UTC
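
The header-to-header scan the message describes, as an added example that is not part of the original email: a stateful filter walks multiplexed frames across TCP segments and enforces a per-protocol allowlist, and a second filter that missed the first bytes of the same stream reads payload as a header. The frame layout (1-byte protocol id, 1-byte session id, 2-byte length) is a hypothetical stand-in, not the SMUX wire format, and all names and sample data are constructed.

```python
import struct

# Hypothetical framing (NOT the SMUX wire format): proto id, session id, payload length
HEADER = struct.Struct("!BBH")
ALLOWED = {1}  # constructed policy: only protocol id 1 may cross the firewall

def frame(proto, session, payload):
    return HEADER.pack(proto, session, len(payload)) + payload

class MuxFilter:
    """Per-connection state a firewall must keep to follow frame boundaries."""
    def __init__(self, allowed):
        self.allowed = allowed
        self.buf = b""         # bytes of a header split across segments
        self.skip = 0          # payload bytes left before the next header
        self.verdict = "allow"
        self.seen = []         # protocol ids read from headers, in order

    def feed(self, segment):
        if self.verdict == "kill":
            return self.verdict
        self.buf += segment
        while self.buf:
            if self.skip:                      # still inside a payload
                n = min(self.skip, len(self.buf))
                self.buf, self.skip = self.buf[n:], self.skip - n
                continue
            if len(self.buf) < HEADER.size:    # wait for the rest of the header
                break
            proto, _session, length = HEADER.unpack_from(self.buf)
            self.seen.append(proto)
            self.buf, self.skip = self.buf[HEADER.size:], length
            if proto not in self.allowed:      # policy violation: drop the connection
                self.verdict = "kill"
                break
        return self.verdict

def inspect(data, allowed=ALLOWED, seg=5):
    """Feed data in seg-byte TCP segments; return (verdict, protocol ids seen)."""
    f = MuxFilter(allowed)
    for i in range(0, len(data), seg):
        f.feed(data[i:i + seg])
    return f.verdict, f.seen

# Constructed stream: allowed frame, disallowed protocol 7, allowed frame
STREAM = frame(1, 1, b"A" * 8) + frame(7, 2, b"BB") + frame(1, 1, b"CC")

if __name__ == "__main__":
    print("full view:   ", inspect(STREAM))      # sees [1, 7] and kills on 7
    print("partial view:", inspect(STREAM[6:]))  # lost framing: payload read as header
```

The partial view also returns "kill", but only because payload bytes were misread as protocol 0x41; it never identifies the protocol 7 frame, so its verdict says nothing about the real traffic.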