Firewall Wizards mailing list archives
Re: executable content
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 23 Sep 1997 23:28:53 +0000
The majority of customers I have encountered are concerned with performance above all else and scanning for the embedded script languages introduce noticable latency for an HTTP proxy.
Yup. ActiveX applets are supposed to (eventually) be signed w/public keys. That'll be interesting, also, from a performance standpoint. Certificate verification isn't too bad, computationally, but in a full-blown certificate environment* a check might require fetching certificates and revocation lists, etc., ad nauseam. I believe we have a problem here. The network is growing very fast and the quantity and variety of services is increasing even faster. I am not convinced that any of the solutions I've seen (firewalls, signatures, etc) have sufficient scaling properties that they're going to be anything but short-term measures. mjr. (*such as will most likely never come to exist) ----- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. <A HREF=http://www.clark.net/pub/mjr>Personal</A> <A HREF=http://www.nfr.net>Work</A> <A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>
Current thread:
- executable content dnewman (Sep 23)
- Re: executable content Wyllys Ingersoll (Sep 23)
- Re: executable content Marcus J. Ranum (Sep 23)
- Re: executable content Wyllys Ingersoll (Sep 23)