- From: Ben Laurie <ben@algroup.co.uk>
- Date: Mon, 22 Feb 1999 22:07:37 +0000
- To: spreitze@parc.xerox.com
- CC: ietf-http-ng@w3.org
spreitze@parc.xerox.com wrote:
>
> > Firewalls rely on knowing where traffic is
> > going. A MUXed protocol is likely to require inspection of every byte to
> > do this, or at least, reconstruction of the stream, if it is to be
> > noticably different from using multiple connections. This will make
> > firewalling almost impossible in hardware, and resource-intensive in all
> > circumstances.
>
> My vision of the solution is essentially another layer of packetization. That is, fixed-length headers that include payload byte counts. This is the same story as appears at lower layers in the IP stack, and so should be no more difficult for a firewall to handle.
But you layer on top of TCP, so stream reconstruction will be required.
This makes it considerably harder to handle.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
Received on Monday, 22 February 1999 17:07:39 UTC