Firewall Wizards mailing list archives

Re: executable content


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 23 Sep 1997 23:28:53 +0000

The majority of customers I have encountered are concerned
with performance above all else and scanning for the embedded
script languages introduces noticeable latency for an HTTP proxy.

Yup. ActiveX applets are supposed to (eventually) be
signed w/public keys. That'll be interesting, also, from
a performance standpoint. Certificate verification isn't
too bad, computationally, but in a full-blown certificate
environment* a check might require fetching certificates
and revocation lists, etc., ad nauseam.

I believe we have a problem here. The network is
growing very fast and the quantity and variety of
services is increasing even faster. I am not convinced
that any of the solutions I've seen (firewalls, signatures,
etc) have sufficient scaling properties that they're going
to be anything but short-term measures.

mjr. (*such as will most likely never come to exist)
-----
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
Personal: http://www.clark.net/pub/mjr
Work: http://www.nfr.net
New Book!!: http://www.clark.net/pub/mjr/websec


