|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Elias Levy (aleph1
SECURITYFOCUS.COM)Date: Wed Mar 07 2001 - 10:11:37 CST
I am killing the Strong ES model vs Weak ES model thread unless someone
was something substantial to add. It is obvious both models have value
and that people disagree on their relative merit. Obviously this is the
reason they were both described in the RFC and neither recommended over the
other.
At the very least the dangers of the weak ES model in some configurations
that assume each interface is in a different security domain and don't
implement packet filtering should be clear. One would hope that
TCP/IP implementations would provide some flag to tune the behavior (like
Solaris does) and that flag was documented.
On an unrelated topic, I'd like to thank Ben for moderating the list
in my absence. I'd forgotten what it was like to have that much free
time.
-- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]