Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Administrivia: Strong ES Model vs Weak ES Model

From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Wed, 7 Mar 2001 09:11:37 -0700
I am killing the Strong ES model vs Weak ES model thread unless someone
was something substantial to add. It is obvious both models have value
and that people disagree on their relative merit. Obviously this is the
reason they were both described in the RFC and neither recommended over the
other.

At the very least the dangers of the weak ES model in some configurations
that assume each interface is in a different security domain and don't
implement packet filtering should be clear. One would hope that
TCP/IP implementations would provide some flag to tune the behavior (like
Solaris does) and that flag was documented.

On an unrelated topic, I'd like to thank Ben for moderating the list
in my absence. I'd forgotten what it was like to have that much free
time.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Previous By Date Next
Previous By Thread Next

Current thread: