Firewall Wizards mailing list archives

RE: DMZ, defined.


From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 02 Feb 1999 10:47:20 -0500

At 05:01 PM 1/29/99 -0500, Frederick M Avolio wrote:
> It is incredible to me that after someone like Steve Bellovin reminds
> everyone in a post what a DMZ is, the conversation continues and we are
> offered "opinions" from people who admit they are "new to firewalls."

> Discussion is useful when people are trying to form a consensus, or when
> they are trying to formulate something (such as a definition). Discussion
> is really thrashing when we give our opinions about something that is not
> open for debate -- in this case the definition of a term that has been used
> for 4 or 5 years now.

If it isn't open to debate, then why would people STILL be arguing about it
here?  You apparently have not studied much of the history of language.  I
happened to study this subject for some time while in undergraduate school,
and you'll find that most language usage is actually open to debate.  4-5
years?  That's a blink of the eye in terms of language.  Steve Bellovin may
have written an excellent book, and be one of the better sources of
information in this area, but he isn't appointed as guardian of the term
DMZ.  Definitions are normally very fluid in a new area for quite some
time.  If the term had been in constant use for _40_ years, you might have
a better point.

> Terms, to be useful, have meanings.

Yes, and usually several of them.  It is a rare entry in Webster's that
doesn't have > 1 definition, and many words have several different, but
related meanings.  That's one of the wonderful things about standards - so
many to choose from!

> While meanings do not have to be
> universal, they should be bounded by *something*. A technology area, for
> example. So, "firewall" can mean one thing in home building and another
> thing in network security. But if it has "personal" meanings to
> individuals, then it ceases to be a useful word.

This is obviously not the case.  If you think about this for a moment, such
terms as 'truth', 'love', and many, many other very useful terms all have
personal contexts.  It is really quite common that usages will vary, even
within the same area.  We're going through an enormous amount of political
nonsense in the US because 'sexual relations' means different things to
different people.  For a real lesson in this area, go argue for a bit with
some of the pedantic twits who inhabit USENET, and you'll find debates over
such things as my usage of 'common' above.

> DMZ is a defined term. It is not a matter of opinion. One can say that
> because it is defined, it is not something one can hold an opinion on. (I
> know they don't teach absolute truths in university today, but there you
> have it.) Read smb's post or the papers to *know* what a DMZ is. Firewall
> is also a well defined term.

That would be a circular argument.  It obviously _is_ a matter of opinion,
because several people here have presented quite rational arguments
defending several interpretations of the term.  Since there ARE differing
opinions, then it follows that the term has _more than one definition_.

If you feel like 'firewall' is a well-defined term, then get on any
firewalls list and claim that MS's Proxy Server is a firewall, and watch
the ensuing battle.  Then for grins go talk to the people at Microsoft who
actually create the product, and tell them it is _not_ a firewall.  If you
feel like the term is well-defined and doesn't have shades of grey (e.g.,
just how complex does a router need to be before it qualifies as a
firewall?) after this exercise, I'd be very surprised.

At this point, it is very obvious to me that the term has different
meanings to different people, and that I generally need to get someone to
describe the network layout in detail before I'll understand just how to
SECURE it.  Once I understand what _they_ mean, then we can happily use the
term as shorthand for the network segment over there with such and such
machines on it.  Arguing about whether their usage is proper will just
delay my getting to the interesting part, which is how someone might attack
that particular network segment.

I just hate it when I get so frustrated over some net topic that I end up
contributing to continuing it... 8-(


David LeBlanc
dleblanc () mindspring com


