Ben Nagy wrote:
>
> Mikael Olsson wrote:
> > Maybe I should have just kept my trap shut about my views
> > in this area and spared myself the pain :)
>
> It's not pain, it's the cut and thrust of lively debate,
> and you love it.
Hushhh, darnit! :)
> > [{java|vb}script is bad]
> You still didn't address the question of using pure Java in
> a browser, though.
No. I guess I could live with a browser that has javascript
disabled, and that uses Sun's java engine (no, I don't trust
Microsoft's engine with all those win32-specific calls).
But there we go with specialized browsers again. Said browser
wouldn't exactly be "Internet-friendly".
And, besides, I hate Java applications :)
<click button ... [bzzt] ... [wait] ... [perform CPU emulation
about as computationally expensive as calculating the weight of
the universe] ... [wait some more] ... - wee! new window! :)>
> Since, for most GUIs, we only need a Secure Socket Layer
> (so to speak) I'd probably vote for TLS.
> [...]
> Minimal SSL/TLS can't be _that_ big, c'mon.
Yeah, an app that speaks TLS is also good in my book, assuming
that it uses TLS the right (minimalistic) way, of course. If
we know what app will be used in the other end, we don't need
to support all kinds of compatibility quirks and ret{ir|ard}ed
ciphers.
> dammit, Java in a browser with a TLS connection to a secure
> HTTPS-only server on the firewall _should_ be the right way
> to do it! *sulk*
>From your previous mail:
> I now have to trust [firewall vendor] to have implemented a
> ground-up management app and comms protocol correctly.
I have no idea why I didn't think of this comeback last time around,
but here it is: "would you rather trust $browser_vendor to implement
the browser correctly"? :)
But anyway: this debate is fast getting silly. I'm arguing for
the "correctly implemented GUI app" and arguing against the
"buggy browser", while your arguments are (roughly) the opposite.
Of course, in the absolutely general case, neither is true:
browers suck, firewalls suck, and we're all 0wn3d :)
(Although I _am_ going to pronounce SNMP a dead horse ;))
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
"Senex semper diu dormit"
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
