Re: WheelGroup Corporation's Response to our Work

["George M. Jones" <gjones () CompuServe NET>]

In thinking about the problems raised by SNI a bit, it seems that a
natural "next step" for ID products would be to marry them (or at least
their signature recognition pieces) to proxy based firewalls.  That
way many of the "bad" packets are just dropped.  The proxy by
definition operates on the entire reassembled data stream exactly as
it is it is sent to the destination.  There are no questions about
which packets reach the destination in which order or how the it will
interpret them.

Comments ?  What problems would still remain ?  What could not be done
at all ?

George Jones, Internet Security Engineer, CompuServe Network Services
Email: George.Jones () CompuServe NET, Voice: +1 614 723-4560
Snail Mail: 5000 Britton Rd., PO BOX 5000, Hilliard, Ohio 43026-5000 USA
PGP: 1024/8C1CEFC9 Fingerprint 20 79 AE 12 D0 8C 44 8F C5 37 2B 40 EA F5 C3 35