Firewall Wizards mailing list archives

Re: Firewall best practices

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 28 Apr 2010 15:28:04 -0400

ArkanoiD wrote:

The problem is, it doesn't necessary needs to be root CA.


Everyone forgets that SSL was only really intended to solve a
fairly limited problem. That problem being, namely, "how can
Verisign and RSA monetize their patents on PKI?" - if you
want to understand why SSL is the way it is, you need to consider
what it was designed to do; then everything makes sense.
As I said earlier, I'm boggled that nobody has fixed it.
Consider that a measure of how much standards bodies are
really worth and how much customers care.

mjr.
--
Marcus J. Ranum         CSO, Tenable Network Security, Inc.
                        http://www.tenablesecurity.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewall best practices, (continued)
- - - Re: Firewall best practices Nate Itkin (Apr 27)
    - Re: Firewall best practices Dave Piscitello (Apr 27)
    - Re: Firewall best practices Carson Gaspar (Apr 27)
    - Re: Firewall best practices Fetch, Brandon (Apr 27)
    - Re: Firewall best practices lordchariot (Apr 28)
    - Re: Firewall best practices Bruce B. Platt (Apr 30)
    - Re: Firewall best practices Cian Brennan (Apr 28)
    - Re: Firewall best practices Fetch, Brandon (Apr 28)
    - Re: Firewall best practices Mathew Want (Apr 30)
    - Re: Firewall best practices ArkanoiD (Apr 30)
    - Re: Firewall best practices Marcus J. Ranum (Apr 30)
    - Re: Firewall best practices ArkanoiD (Apr 27)
    - Re: Firewall best practices Dave Piscitello (Apr 22)
  - Re: Firewall best practices Marcus J. Ranum (Apr 14)
  - Re: Firewall best practices MILAN, SANDY (ATTSI) (Apr 14)
    - Re: Firewall best practices Marcus J. Ranum (Apr 15)
- Re: Firewall best practices Lloyd, Mike (Apr 28)