- From: Keith Moore <moore@cs.utk.edu>
- Date: Tue, 14 Aug 2001 12:40:31 -0400
- To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
- cc: jpalme@dsv.su.se, discuss@apps.ietf.org
If we used SRV records to pick ports then the firewalls would just intercept DNS queries to know which ports to intercept, and this would just create a bigger mess. Especially given that NATs do something like this already.

End-to-end IPsec would help, but it's really difficult to deploy.

It would also help if software vendors stopped shipping apps that were vulnerable to network-borne viruses. IMHO, standards should say that an app MUST NOT present downloaded content unless the security considerations for that content-type and application had been studied and any known threats ameliorated.

Keith
Received on Tuesday, 14 August 2001 12:41:28 UTC