Re: SMUX comments

Thanks for the comments....

Just so you know, I used to be responsible for Digital's second
largest Internet gateway/firewall (CRL), which is also where we did
our Web proxying work (Win Treese did that work, but I kibitzed).

I'm very aware of the issues involved, as a result (it was my neck if
something bad happened to Digital if Win and I did something wrong).

The presumption is an application level relay process is involved at the
firewall.

The point behind naming the protocols on each MUX session is exactly to
enable application level filtering; since, for most situations that
MUX is intended to be used, the protocol is identified as well as
TCP/UDP ports, or by an abstract name, it is possible to build an application
relay process for MUX that uses the protocol names to enforce policies
exactly as they would be enforced for native protocols.

See the Atoms and Protocol ID section of the specification; each
session, at the time it is opened, has the protocol name associated
with it.  So, for example, if you are using HTTP, you would normally
identify the session as HTTP (i.e. port 80); the relay can then
apply the boundary policy just as it would for un-multiplexed HTTP.

Hope this helps; I could add a section to a future draft clarifying
firewall proxies.

				- Jim


--
Jim Gettys
Digital Industry Standards and Consortia
Compaq Computer Corporation
Visiting Scientist, World Wide Web Consortium, M.I.T.
http://www.w3.org/People/Gettys/
jg@w3.org, jg@pa.dec.com

Received on Friday, 24 July 1998 17:09:40 UTC
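
The relay behaviour described in the message above, as an added example that is not part of the original message or of the MUX specification: a simplified model of a relay that applies boundary policy using the protocol ID declared when each session is opened. The event tuples, class and function names, and every policy entry other than HTTP on port 80 are assumptions; this is not the MUX wire format.

```python
from dataclasses import dataclass, field

# Boundary policy keyed by the protocol ID named at session open.
# ("tcp", 80) is the message's HTTP example; other entries are assumed.
POLICY = {
    ("tcp", 80): "allow",
    ("tcp", 23): "deny",
    ("name", "example-rpc"): "deny",  # hypothetical abstract protocol name
}

@dataclass
class MuxRelay:
    policy: dict
    allowed: set = field(default_factory=set)  # sessions permitted to carry data

    def on_open(self, session_id, proto_id):
        # Default deny: a protocol ID with no policy entry is refused.
        verdict = self.policy.get(proto_id, "deny")
        if verdict == "allow":
            self.allowed.add(session_id)
        else:
            # A re-open of a live session ID under a refused protocol
            # must not inherit the earlier approval.
            self.allowed.discard(session_id)
        return verdict

    def on_data(self, session_id, payload):
        # Relay data only on sessions whose open passed the policy.
        return "forward" if session_id in self.allowed else "drop"

    def on_close(self, session_id):
        self.allowed.discard(session_id)
        return "closed"

def run(events, policy=POLICY):
    """Feed constructed (kind, session_id, arg) events through one relay."""
    relay = MuxRelay(dict(policy))
    handlers = {"open": relay.on_open, "data": relay.on_data}
    return [handlers[kind](sid, arg[0]) if kind in handlers
            else relay.on_close(sid) for kind, sid, *arg in events]

# Constructed sample traffic on one multiplexed connection.
SAMPLE = [
    ("open", 2, ("tcp", 80)),            # HTTP session: allowed
    ("data", 2, b"GET / HTTP/1.0\r\n\r\n"),
    ("open", 3, ("tcp", 23)),            # refused by policy
    ("data", 3, b"login"),               # data on a refused session
    ("data", 9, b"stray"),               # data on a session never opened
    ("open", 2, ("name", "unlisted")),   # re-open with an unlisted protocol
    ("data", 2, b"late"),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run(SAMPLE)):
        print(event[0], event[1], "->", verdict)
```

The declared protocol ID only selects which policy applies; an allowed session's contents would still pass through the same protocol-specific proxy used for the un-multiplexed protocol.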