
Re: SMUX comments

From: Matthew Squire <Matthew_Squire@BayNetworks.COM>
Date: Sat, 25 Jul 1998 07:42:16 -0400
Message-Id: <3.0.32.19980725074209.006cf994@bl-mail1.corpeast.baynetworks.com>
To: jg@pa.dec.com (Jim Gettys)
Cc: www-http-ng-comments@w3.org

As my last comment on the subject...

I understand how firewalls and application proxies work, and I too have
helped implement firewall schemes for multiple companies, beyond simple
protocol filtering.  I'm not claiming mux'ing is evil, only that it
represents a *significant* paradigm shift for protocol identification, and
hence protocol filtering, which has been and continues to be used by many
folks as their first (and sometimes only) security measure.  Not every
company is running some server(s) as an application firewall(s) for every
protocol.  

Does mux'ing make things worse?  Probably not, especially not to a true
attack.  But it seems to open up more problems with "stupidity" attacks,
things like config errors or innocent misuse.  

Mux'ing does CHANGE things, and hence it can invalidate existing measures.
Some users might object to having a basic operating premise changed.

- Matt
Received on Saturday, 25 July 1998 07:39:22 EDT
