W3C home > Mailing lists > Public > xml-dist-app@w3.org > July 2001

Re: A tale of two bindings

From: Mark Baker <mbaker@markbaker.ca>
Date: Wed, 25 Jul 2001 21:23:28 -0400 (EDT)
Message-Id: <200107260123.VAA08953@markbaker.ca>
To: rsalz@zolera.com (Rich Salz)
Cc: xml-dist-app@w3.org
> > While we can't stop anybody from tunneling, we should certainly aim
> > to provide a binding that makes it cheap and easy for tunneling to
> > be detected.  To not do so would be to commit a major security
> > faux pas.
> 
> Not at all.  The faux pas is to assume that potentially dangerous
> traffic is labelled.   We should be encouraging proper security design,
> which means the responsibility is at the receiving entity.  The current
> state of the art -- "gee I hope to heck nobody breaches my firewall" --
> is cave-painting, not security.

I don't want to go there.  Having that discussion, when our views
of what an application protocol is are so wildly different, would be
an exercise in futility.  Maybe later when I'm looking for a wall to
bang my head against. 8-)

MB
Received on Thursday, 26 July 2001 01:34:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:03 GMT