From: Lucas Gonze (firstname.lastname@example.org)
Date: Mon Oct 02 2000 - 08:29:29 PDT
We keep coming back to this exact same point, but nobody has any solutions to
offer. The closest is the SOAP approach of facilitating semantic analysis.
IMHO that won't work because it comes down to the same problem as now, where a
corporate user has to ask a sysadmin to open a port or install special software.
What about this idea: signed streams. The stream isn't encrypted, it just does
a handshake when it connects to the proxy. If there is a service that does
nothing but sign certificates for code that needs to bust through the firewall,
then to stay viable it depends on only signing for reputable parties. So the
sysadmin says "I'll allow all traffic signed by Joe because I trust Joe to do
hacker detection conscientiously." For sysadmins this might fix the problem of
all the non-browser data passing through 8080.
Seems like such an obvious idea that it must have been suggested elsewhere.
> Looking at all this, it's become abundantly clear to me that the main driver in
> the protocol space these days is this sort of "race" between sysadmins, who
> want to de facto control access to information resources and believe they know
> better how to do that than developers and users, and developers / users who
> find clever ways to route around the damage inflicted by overly-strict system
> administration policies. Sysadmins and developers alike bitch that "the port
> number in a TCP packet isn't static 80" but, ironically, it's their own arms
> race that makes that the case for all intents and purposes. And the poor users
> --- they just want to get to their stuff, share their stuff, etc.
> (Interestingly, any time a group which has traditionally been a control (read:
> choke) point for information access is taken out of the loop, it always creates
> turmoil. Napster, DeCSS, etc. etc. etc.)
> A wise man a long time ago at an IETF meeting told me "you shouldn't try to
> solve social problems in software." (Note, he's not saying anything about
> security, he's just saying that you have to give individuals rather than
> organizations the tools needed.)
> I believe that.
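The "signed streams" handshake sketched in the message above, worked through as an added example (not code from the original post or from anyone on the list). Everything concrete here is an assumption the message does not make: the signing service ("Joe") issues an Ed25519-signed credential over the client's public key, the proxy challenges each connection with a fresh nonce, and the client proves it holds the certified key by signing that nonce. The proxy's only policy is a list of trusted signers, which is the "allow all traffic signed by Joe" rule.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Keypair is a convenience wrapper so callers need no crypto imports.
type Keypair struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func NewKeypair() Keypair {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no entropy: nothing sensible to do in a demo
	}
	return Keypair{Pub: pub, Priv: priv}
}

// StreamCert is the hypothetical credential the signing service ("Joe") issues:
// Joe's signature over (subject, client public key). Nothing is encrypted; the
// credential only binds a vetted piece of code to a key.
type StreamCert struct {
	Subject   string
	ClientPub ed25519.PublicKey
	SignerSig []byte
}

// certBody is the canonical byte string the signer signs: length-prefixed subject, then key.
func certBody(subject string, pub ed25519.PublicKey) []byte {
	var buf bytes.Buffer
	_ = binary.Write(&buf, binary.BigEndian, uint16(len(subject)))
	buf.WriteString(subject)
	buf.Write(pub)
	return buf.Bytes()
}

// IssueCert is run by the signing service after it has vetted the client's code.
func IssueCert(signerPriv ed25519.PrivateKey, subject string, clientPub ed25519.PublicKey) StreamCert {
	sig := ed25519.Sign(signerPriv, certBody(subject, clientPub))
	return StreamCert{Subject: subject, ClientPub: clientPub, SignerSig: sig}
}

// Proxy holds the sysadmin's policy: which signers' credentials are accepted.
type Proxy struct {
	TrustedSigners map[string]ed25519.PublicKey
}

func NewProxy(signerName string, signerPub ed25519.PublicKey) *Proxy {
	return &Proxy{TrustedSigners: map[string]ed25519.PublicKey{signerName: signerPub}}
}

// Challenge returns a fresh per-connection nonce; signing it proves the client
// holds the certified key right now, so a captured handshake cannot be replayed.
func (p *Proxy) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Response is what the client sends back when it connects to the proxy.
type Response struct {
	SignerName string // which trusted signer issued the credential
	Cert       StreamCert
	NonceSig   []byte // client's signature over handshakeMsg(nonce)
}

// handshakeMsg domain-separates the nonce so a handshake signature cannot be
// repurposed as a signature over some other protocol's data.
func handshakeMsg(nonce []byte) []byte {
	return append([]byte("signed-stream-handshake:"), nonce...)
}

// ClientRespond is the client side of the handshake.
func ClientRespond(signerName string, cert StreamCert, clientPriv ed25519.PrivateKey, nonce []byte) Response {
	return Response{SignerName: signerName, Cert: cert, NonceSig: ed25519.Sign(clientPriv, handshakeMsg(nonce))}
}

// Verify is the proxy side: both links of the chain must check out before the
// stream is allowed through.
func (p *Proxy) Verify(nonce []byte, r Response) error {
	signerPub, ok := p.TrustedSigners[r.SignerName]
	if !ok {
		return errors.New("untrusted signer: " + r.SignerName)
	}
	// ed25519.Verify panics on a wrong-length key, so check before use.
	if len(r.Cert.ClientPub) != ed25519.PublicKeySize || len(signerPub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if !ed25519.Verify(signerPub, certBody(r.Cert.Subject, r.Cert.ClientPub), r.Cert.SignerSig) {
		return errors.New("credential was not issued by " + r.SignerName)
	}
	if !ed25519.Verify(r.Cert.ClientPub, handshakeMsg(nonce), r.NonceSig) {
		return errors.New("client does not hold the certified key, or replayed an old handshake")
	}
	return nil
}

func main() {
	joe, mallory, app := NewKeypair(), NewKeypair(), NewKeypair()
	proxy := NewProxy("joe", joe.Pub)
	cert := IssueCert(joe.Priv, "example-app", app.Pub)

	nonce := proxy.Challenge()
	fmt.Println("good handshake:", proxy.Verify(nonce, ClientRespond("joe", cert, app.Priv, nonce)))
	forged := IssueCert(mallory.Priv, "example-app", app.Pub)
	fmt.Println("forged credential:", proxy.Verify(nonce, ClientRespond("joe", forged, app.Priv, nonce)))
	old := ClientRespond("joe", cert, app.Priv, nonce)
	fmt.Println("replayed handshake:", proxy.Verify(proxy.Challenge(), old))
}
```

The design point worth noticing is what the proxy does not learn: it never inspects the stream's content, only who vouched for the code producing it. That is exactly the trade the message proposes, so the signing service's vetting is the whole security argument, and revocation (a signer withdrawing a credential after the fact) is the piece this sketch, like the message, leaves open.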
This archive was generated by hypermail 2b29 : Mon Oct 02 2000 - 08:33:45 PDT