Kriss Andsten wrote
> On Tue, 30 May 2000, Graham Wheeler wrote:
>
> <snip>
> > SSL can be restricted to particular e-commerce sites.
> <snip>
>
> Sounds like a rather interesting approach.. protect users by not letting
> them use secure transports, rather send their junk in plaintext. Hmm.. ;-)

actually, your approach would be interesting..
SSL designers forgot that there are some security concerns related to their
protocol.
since their protocol is incompatible with the security policies of many sites,
then these sites should simply ignore this protocol.

the same is to be said of javascript and other funny stuff.
This is simply providing new stuff while completely ignoring the customer.
the stuff should then go to /dev/null if there's room...


> Seriously though, I miss one thing in this discussion about how to block
> active content/whether it's false or real security/etc, and that's why
> block it in the first place? Sure, there's a gazillion nasty things you
> can do with Active Content(TM) (Without going into further detail re what
> hides behind that somewhat fuzzy definition, of course :-), but on the
> other end of the scale, there's advantages, even for security nuts.
>
> Have a look at http://pajhome.org.uk/crypt/md5/index.html

so what? everybody is capable of doing MD5 calculations. the problem is that
you are faced with those millions of foreign web servers. you can't trust them
until there's a way to pursue them in case of problems. and that is not easy
today.

> Don't forget that it takes just one successful hit by something that can
> open sockets to make a nice little tunnel into your LAN, no matter how
> many proxies or whatnot you got.

how do you open a tunnel? unless you have some means of transmitting packets
using some moon-based-protocol you'll have to go through the gateway, thus
through its filter which hands the stuff to the proxy, and if my proxy
doesn't recognize your language, he simply won't talk to you...



> Looking out for oddball stuff hitting the
> network often beats trusting that expensive software that says '100%
> secure' on the packaging, imo.

well, a software may be 100% secure. The real problem is whether you get
100% secure when using the software....



regards,

mouss
