Firewall Wizards mailing list archives
RE: A fun smackdown...
From: "Bill Royds" <broyds () rogers com>
Date: Sun, 22 May 2005 01:00:57 -0400
I once thought it might be useful to write a generic proxy for other than the 6 protocols that are actually proxied by looking at a grammar or BNF diagram or state diagram of the other protocols and writing a parser to ensure that the protocol was at least correct according to the RFC. But RFC's don't have true descriptions of the protocol that they are supposed to be describing. More than anything, they are basically descriptions of what they want the protocol to do, but not descriptions of exactly what the syntax and semantics of the protocol should be. It would be almost impossible to write a proxy that took a grammar and verified the validity of a stream purporting to follow that proxy. You have to do what Marcus did with the DEC Seal/Gauntlet and others, write a proxy for a subset of a protocol that validates the semantics that the author feels to be somewhat securable and still useful.

But that is also why the Internet based on TCP/IP has been so successful. It is defined "close enough" so different manufacturers of hardware and software can create different products that operate somewhat together so that there is plenty of choice of both hardware that will work over the Internet. Lack of security is what made TCP/IP survive ahead of things like X-25, which spent a lot of overhead verifying packet validity, reception, integrity etc., including ensuring some security over the "virtual circuits" that it created. But the more secure but slower protocol lost out to the less secure but faster and more easily implementable protocol which has created the Internet we have today. The very fact that security was not a design goal for the Internet was a great part of its success. We are still living with that fact.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Marcus J. Ranum
Sent: Friday, May 20, 2005 9:58 PM
To: Chuck Swiger; Paul D. Robertson
Cc: firewall-wizards () honor icsalabs com; Martin
Subject: Re: [fw-wiz] A fun smackdown...

Chuck Swiger wrote:
> You are disagreeing with a design principle from the RFC's which discusses how
> to create robust software protocols.

The RFCs often used to contain the phrase "this RFC does not address security." Is that one of those great design principles the IETF uses to create "robust software protocols"??

The RFC process creates interoperable *CRAP*. Standards that had been developed with security as even a passing thought would have had protocol command stacks divided into trusted modes and public modes from the get-go. I.e.: "internet-facing mail servers must support the HELO, MAIL, RCPT, DATA commands. mail servers facing trusted networks must support the untrusted commands plus HELP, VRFY, etc, etc, etc..."

The RFCs are written by well-intentioned amateurs who never gave a rat's a&& for security, and the resulting Internet reflects it.

mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
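
An added example, not part of the original messages and not code from any product named in them: a sketch of the subset-validating proxy check discussed above, applied to the trusted/public SMTP command split quoted in the thread. The command lists come from the message; the zone names, the line-length cap and the session states are assumptions made for illustration.

```python
# Added illustration: default-deny SMTP command filter for a proxy that
# forwards only a validated subset of the protocol, chosen per network zone.
MAX_LINE = 512  # assumption: conservative cap on a command line, CRLF included

# Command sets as quoted in the message; zone names are hypothetical.
PUBLIC = {"HELO", "MAIL", "RCPT", "DATA"}
TRUSTED = PUBLIC | {"HELP", "VRFY"}
ZONES = {"internet": PUBLIC, "trusted": TRUSTED}

# Ordering rules (assumed): states in which a command is accepted, and the
# state it moves the session to (None leaves the state unchanged).
ORDER = {
    "HELO": ({"start", "greeted"}, "greeted"),
    "MAIL": ({"greeted"}, "mail"),
    "RCPT": ({"mail", "rcpt"}, "rcpt"),
    "DATA": ({"rcpt"}, "data"),
    "HELP": ({"start", "greeted", "mail", "rcpt"}, None),
    "VRFY": ({"greeted", "mail", "rcpt"}, None),
}


class SmtpCommandFilter:
    """Checks client command lines for one session; message bodies are out of scope."""

    def __init__(self, zone):
        self.allowed = ZONES[zone]
        self.state = "start"

    def check(self, line: bytes):
        """Return (ok, reason); the proxy forwards the line only when ok is True."""
        if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
            return False, "bad line framing"
        body = line[:-2]
        # Reject control and 8-bit bytes, including a bare CR or LF hiding a second command.
        if any(b < 0x20 or b > 0x7E for b in body):
            return False, "non-printable byte in command"
        verb = body.split(b" ", 1)[0].decode("ascii").upper()
        if verb not in self.allowed:
            return False, "command not permitted in this zone"
        needs, nxt = ORDER[verb]
        if self.state not in needs:
            return False, "command out of sequence"
        if nxt:
            self.state = nxt
        return True, "ok"
```

Anything the filter does not explicitly recognise is refused, so a command added to the protocol later stays blocked until someone decides which zone should see it.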