RE: [fw-wiz] A fun smackdown...
From: Ben Nagy (ben_at_iagu.net)
Date: 05/19/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] A fun smackdown..."
- In reply to: Paul D. Robertson: "Re: [fw-wiz] A fun smackdown..."
- Next in thread: Chuck Swiger: "Re: [fw-wiz] A fun smackdown..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Paul D. Robertson'" <paul@compuwar.net>, "'Martin'" <marty@supine.com> Date: Thu, 19 May 2005 15:33:22 +0200
> > "Be liberal in what you accept; be strict in what you send."
This was NEVER a security doctrine. It was an RFC doctrine, originally
(AFAIK) from RFC 791 (cf):
"In general, an implementation must be conservative in its sending behavior,
and
liberal in its receiving behavior."
RFCs are concerned with interoperability. Security is concerned with risk.
The two are not congruent. If you know anything about this history of the
Internet Protocol and the RFCs < 1000 in general, you would not characterise
it as security focused.
This is intuitive - well at least to me and all of the 'old timers' on this
list.
> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com
[...]
> On Tue, 17 May 2005, Martin wrote:
>
> > "Be liberal in what you accept; be strict in what you send."
[Paul, sensibly, rebuts ... ]
> _All_ effective security controls break that tenet. The more
> liberal your controls, the more risk you assume.
>
> Paul
To borrow the vernacular,
"w3rd."
ben
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul D. Robertson: "Re: [fw-wiz] A fun smackdown..."
- In reply to: Paul D. Robertson: "Re: [fw-wiz] A fun smackdown..."
- Next in thread: Chuck Swiger: "Re: [fw-wiz] A fun smackdown..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
