On Thu, 23 Mar 2000, Stephen Satchell wrote:
> >Stateful is evil, begon spawn of the devil!
> >
> >Seriously, though. Statefulness is the enemy of performance an
> >realiability.
>
> Statefulness is sometimes the preferred way for dealing with certain class
> of problems. TCP itself is stateful because the benefits outweigh the
> complexity issues.
That is statefulness implimented in the endnodes. The endnodes are already
a SPF, so statefulness causes no harm.
> The right solution is to remove those people who would abuse their access
> to the net. Failing that, we use the RIGHT tools to fix the problems --
> and unfortunately a stateful protection system works better than any other
> scheme.
The most effective way to prevent abuse is to remove the service. This is
usually no acceptable. I agree that you must comprimize, but I think any
comprimize that pushs state beyond the end nodes is a bad solution.
Insted, each endnode should maintain it's own firewalling via a centerly
controled mechnism. Endnodes should verify their identity with each other
via crpytograhpic authentication. Unfortunatly, all the stateful crap in
the networks now is signifinatly hindering the deployment of network layer
encryption and authentication.
> Of course, if you really want performance and reliability, just unplug your
> computer from all networks. That is the best and safest course.
That won't make it a very realible web server or client.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
