Hi Raul,
On Wed, Jul 27, 2016 at 09:42:23AM -0400, Raul Miller wrote:
> On Wed, Jul 27, 2016 at 8:00 AM, Paul Fariello <[email protected]> wrote:
> > Ok. I didn't notice that relayd had a security filtering focus. If so,
> > enforcing presence/absence of body is legit.
>
> Perhaps the security.html page on the openbsd site would interest you?
> Did you know, for example, that openbsd has a "Secure by Default"
> policy?
This raise an interesting question. Does "Secure by Default" means only
- produce secure software
or does it means
- produce software that not only is secure but secures others part of
the OS
My point of view is that producing secure software is difficult enough.
If one want to really protect external piece of software it should use
dedicated software.
>
> Also, it is probably a good idea to read the man page for software you
> are working on. For example, relayd has a man page which says:
>
> "Various application level filtering ... options are available for relays."
I have obviously read the man page before digging into relayd sources
and RFCs. My understanding of "Various application level filtering" is
that relayd provides ways to filter which connection are allowed and
where they should go. I don't think it means that relayd tries to secure
protocols it relays.
Again, this is only my understanding of relayd man page. I may be wrong.
>
> I could go on, with this kind of reasoning, but I probably should give
> you the chance to do some thinking, yourself?
Its always good to encourage people to think on there own. Thanks.
>
> --
> Raul
>
--
Paul Fariello
PGP: 0x672CDD2031AAF49B
