Firewall Wizards mailing list archives
Re: A fun smackdown...
From: Chuck Swiger <chuck () codefab com>
Date: Sat, 21 May 2005 11:48:37 -0400
On May 20, 2005, at 9:57 PM, Marcus J. Ranum wrote:
> Chuck Swiger wrote:
> > You are disagreeing with a design principle from the RFCs which discusses how to create robust software protocols.
>
> The RFCs often used to contain the phrase "this RFC does not address security." Is that one of those great design principles the IETF uses to create "robust software protocols"??
Sometimes, yes. I'd rather see an explicit statement that says, "this is not a secure protocol", than use something which pretends to be secure, yet is not.
The older RFCs-- before 2000 or so-- were a lot more concerned with defining standards for interoperability than for security. Newer RFCs tend to show a lot more concern for security.
> The RFC process creates interoperable *CRAP*.
Let's accept this as true for a moment. Can you point to something better?
What about the ISO model, the X.400 & X.500 schemas, and ASN.1? How well have BER, SNMP, SSL certs, and all of that done in practice for security?
Or how about the security vendors, who break standards to create proprietary, non-interoperable crap? What's the current status of VRRP? Is that an open standard, free for all to use, or is it encumbered?
> [ ... ] The RFCs are written by well-intentioned amateurs who never gave a rat's a&& for security, and the resulting Internet reflects it.
Not always. There are people, even on this list, who could learn something from:
http://www.ietf.org/rfc/rfc2196.txt

> As an aside, building a "home grown" firewall requires a significant amount of skill and knowledge of TCP/IP. It should not be trivially attempted because a perceived sense of security is worse in the long run than knowing that there is no security. As with all security measures, it is important to decide on the threat, the value of the assets to be protected, and the costs to implement security.

Give that RFC a fair read, Marcus, and then see whether you still agree with your own generalization above.
--
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards