- From: Matthew Squire <Matthew_Squire@BayNetworks.COM>
- Date: Sat, 25 Jul 1998 07:42:16 -0400
- To: jg@pa.dec.com (Jim Gettys)
- Cc: www-http-ng-comments@w3.org

As my last comment on the subject... I understand how firewalls and application proxies work, and I too have helped implement firewall schemes for multiple companies, beyond simple protocol filtering.

I'm not claiming mux'ing is evil, only that it represents a *significant* paradigm shift for protocol identification, and hence protocol filtering, which has been and continues to be used by many folks as their first (and sometimes only) security measure. Not every company is running some server(s) as an application firewall(s) for every protocol.

Does mux'ing make things worse? Probably not, especially not to a true attack. But it seems to open up more problems with "stupidity" attacks, things like config errors or innocent misuse. Mux'ing does CHANGE things, and hence it can invalidate existing measures. Some users might object to having a basic operating premise changed.

- Matt

Received on Saturday, 25 July 1998 07:39:22 UTC