What should/does a proxy do?

[Hal <hal () mrj com>]

I expect this is an old argument.  What should a proxy do?  I would 
distinguish between normal proxing functions, for example, what the 
FWTK plug-proxy will do and *guard* functions that detect, flag or prevent
well known protocol (or data) driven attacks. Normal proxing functions
I would argue are easily documented because they are the external
behavior of the proxy. Guard functions are not easily knowable because
they are almost always internal to the proxy.   For example, limiting the 
range of commands and some of their arguments in SMTP, checking for, flaging or blocking known vulnerabilities in HTML 
or even with specific
industry wide browsers.  If you check the FWTK html proxy you find 
several such specialized checks. 

Proxy guard functions are obviously focused on the protocol being proxed but
should there not be a minimum, a standard set or a measure to let us, the
general security community know what each firewall can or cannot provide
in the way of proxy defenses?  

--------------------------------
"All models are wrong
some are useful"                        H L Feinstein
-------------------------------                 Security Adminstrator
                                        MRJ Technology Systems.