Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Dailydave] This just in: Firewalls are obsolete
Date: Tue Jul 12 2005 - 12:20:18 CDT
At 00:59 +0200 on 2005-07-12, Florian Weimer wrote:
> For complex protocols, you need one implementation which gets it
> right, not two or more which come close, but not close enough.
Better, you need one proxy implementation (which gets it right) of the
protocol subset which you wish to allow through your perimeter.
This just moves the complexity into HTTP sanitization, however. Is that
still a net win, given the new location (proxy) for implementation bugs?
Perhaps the single point of control, and reduction in protocol complexity,
still helps if you have clients that are, for all practical purposes,
Dailydave mailing list