Re: [fw-wiz] A fun smackdown...
From: Marcus J. Ranum (mjr_at_ranum.com)
To: Chuck Swiger <email@example.com>, "Paul D. Robertson" <firstname.lastname@example.org>
Date: Fri, 20 May 2005 21:57:31 -0400
Chuck Swiger wrote:
>You are disagreeing with a design principle from the RFCs which discusses how to create robust software protocols.
The RFCs often used to contain the phrase "this RFC does not address
security." Is that one of those great design principles the IETF uses
to create "robust software protocols"??
The RFC process creates interoperable *CRAP*.
Standards that had been developed with security as even a passing
thought would have had protocol command stacks divided into
trusted modes and public modes from the get-go. I.e.: "internet-facing
mail servers must support the HELO, MAIL, RCPT, DATA commands.
Mail servers facing trusted networks must support the untrusted commands
plus HELP, VRFY, etc, etc, etc..."
The RFCs are written by well-intentioned amateurs who never gave
a rat's a&& for security, and the resulting Internet reflects it.
firewall-wizards mailing list
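
The split into public and trusted command sets described in the message above can be enforced as a per-listener verb allowlist in front of an SMTP handler. This is an added example, not code from the post or from any mail server; the verb lists for the two modes come from the message, while the mode names, the `SESSION_VERBS` set, and the reply strings are assumptions.

```python
"""Per-listener SMTP verb allowlist (added illustration)."""

# Verb sets named in the post.
PUBLIC_VERBS = frozenset({"HELO", "MAIL", "RCPT", "DATA"})
TRUSTED_ONLY_VERBS = frozenset({"HELP", "VRFY"})
# Assumption, not from the post: housekeeping verbs every session needs.
SESSION_VERBS = frozenset({"QUIT", "RSET", "NOOP"})

ALLOWED = {
    "public": PUBLIC_VERBS | SESSION_VERBS,
    "trusted": PUBLIC_VERBS | SESSION_VERBS | TRUSTED_ONLY_VERBS,
}
MAX_LINE = 510  # RFC 5321 caps a command line at 512 octets including CRLF


def gate(mode, raw):
    """Return (allowed, reply) for one command line received on a listener.

    reply is None when the command may be handed to the real SMTP handler.
    """
    allowed_verbs = ALLOWED[mode]  # KeyError on an unknown mode: fail closed
    line = raw.rstrip(b"\r\n")
    # Reject oversized lines, control bytes (embedded CR/LF) and non-ASCII.
    if len(line) > MAX_LINE or any(b < 0x20 or b > 0x7E for b in line):
        return False, "500 Syntax error"
    verb = line.split(b" ", 1)[0].decode("ascii").upper()
    if not verb.isalpha():
        return False, "500 Syntax error"
    if verb not in allowed_verbs:
        # Same reply for unknown and trusted-only verbs, so the public side
        # does not reveal which extra commands exist elsewhere.
        return False, "502 Command not implemented"
    return True, None


# Constructed sample session, not captured traffic.
SAMPLE = [
    b"HELO client.example\r\n",
    b"VRFY postmaster\r\n",
    b"mail FROM:<a@client.example>\r\n",
    b"XDEBUG\r\n",
    b"QUIT\r\n",
]


def replay(mode, lines=SAMPLE):
    """Run a whole session through the gate and list the verdict per verb."""
    return [(l.split()[0].decode().upper(), gate(mode, l)[0]) for l in lines]
```
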