Re: ISMS working group and charter problems
"Steven M. Bellovin" <smb@cs.columbia.edu> Tue, 06 September 2005 23:04 UTC
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: Your message of "Wed, 07 Sep 2005 00:30:40 +0200." <9A2BB5EF-A137-439D-81AF-40B784D541A9@muada.com>
Date: Tue, 06 Sep 2005 19:04:50 -0400
Message-Id: <20050906230450.9BB1E3BFD6F@berkshire.machshav.com>
Cc: IETF Discussion <ietf@ietf.org>, Daniel Senie <dts@senie.com>
Subject: Re: ISMS working group and charter problems
In message <9A2BB5EF-A137-439D-81AF-40B784D541A9@muada.com>, Iljitsch van Beijnum writes:
>On 7-sep-2005, at 0:16, Daniel Senie wrote:
>
>> Actually, a "Firewall Considerations" section would make sense.
>
>What would be in such a section? There are only three possibilities:
>
>1. There is no firewall: no need for text.
>2. There is a firewall, and it doesn't try to block the protocol: no
>need for text.
>3. There is a firewall, and it tries to block the protocol.
>
>So what text would be helpful in case #3? Either the firewall
>successfully blocks the protocol and the firewall works and the
>protocol doesn't, or the firewall doesn't manage to block the
>protocol and the protocol works but the firewall doesn't. So whatever
>happens, someone is going to be unhappy.
>

Not at all. Often, a firewall needs to know a fair amount about the
protocol to do its job. FTP is the simplest case -- it has to look for
the PORT (and, in some configurations, the PASV) command. H.323 and SIP
are more complex.

But for complex protocols, we need to go a step further. SIP has,
built-in, provision for gateways. There are a number of reasons for
this, but firewall friendliness is certainly one of them. The proper
question is this: would adding something to the protocol enable it to
operate properly in the presence of a firewall *without* subverting
site security policy? The lack of that latter consideration has led to
people using http as the universal firewall traversal protocol, with
the obvious bad side-effects.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
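An added illustration of the FTP case in the message above (not part of the original message or of any firewall product): a sketch of control-channel inspection that parses PORT and the 227 reply to PASV and opens a data-channel pinhole only when the advertised endpoint is consistent with site policy. The names `Pinhole`, `PolicyViolation` and `inspect_control_line`, and the two policy checks, are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# "h1,h2,h3,h4,p1,p2" as carried by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


class PolicyViolation(ValueError):
    """The advertised data endpoint is not one the (assumed) policy permits."""


@dataclass(frozen=True)
class Pinhole:
    src: str    # host allowed to initiate the data connection
    dst: str    # host that will be listening
    dport: int  # listening port


def _endpoint(text):
    """Decode the six comma-separated numbers into (ip, port)."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise PolicyViolation("malformed host-port: %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise PolicyViolation("octet out of range: %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def inspect_control_line(line, from_client, client_ip, server_ip):
    """Return the Pinhole to open for one control-channel line, or None."""
    verb, _, rest = line.strip().partition(" ")
    if from_client and verb.upper() == "PORT":
        listener, initiator = client_ip, server_ip   # active mode
    elif not from_client and verb == "227":
        listener, initiator = server_ip, client_ip   # passive mode
    else:
        return None                                  # no data channel negotiated
    host, port = _endpoint(rest)
    # Assumed policy: the listener must be the control-connection peer itself,
    # and the data port must not be a privileged one.
    if host != listener:
        raise PolicyViolation("endpoint %s is not the control peer %s" % (host, listener))
    if port < 1024:
        raise PolicyViolation("privileged port %d refused" % port)
    return Pinhole(src=initiator, dst=listener, dport=port)
```

The pinhole is scoped to one initiator, one listener and one port, so the data connection works without a standing rule that allows arbitrary high ports through the firewall.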