Re: [TLS] Next protocol negotiation

Steve Dispensa <dispensa@phonefactor.com> Wed, 20 January 2010 16:31 UTC

From: Steve Dispensa <dispensa@phonefactor.com>
To: Marsh Ray <marsh@extendedsubset.com>, Adam Langley <agl@google.com>
Cc: tls@ietf.org

On 1/20/10 10:26 AM, "Marsh Ray" <marsh@extendedsubset.com> wrote:
> One point of view is that firewall admins are ports because of their
> intentional policies and it is their right to control what goes on on
> their own network.

That's giving many administrators too much credit; the new WizBang
FireScannerProxyWallThingy(TM) is configured to automatically block anything
and everything, because that's what WizBang's coders read was best practice
in the latest Gartner report, and the administrator is only dimly aware of
what's really going on. He just knows he can check the box on this year's
SAS-70 audit.

Surely you're right some of the time, but I suspect stuff gets automatically
blocked more often than not.

 -Steve