All this invective, yet you run your firewall on an Intel/AMD platform. Et tu, Volker.
Open Source is more about sharing than security. Anyone who argues gets referred to "Reflections on Trusting Trust."

-- Jim

> On Jun 5, 2016, at 8:02 PM, Volker Kuhlmann <hid...@paradise.net.nz> wrote:
>
> On Fri 27 May 2016 04:53:12 NZST +1200, RB wrote:
>
>>> http://seclists.org/fulldisclosure/2016/Jan/77
>>>
>>> http://seclists.org/fulldisclosure/2016/Mar/25
>>
>> I see, but that has nothing to do with the security of the VLAN implementation, rather of the switch as a whole.
>
> Uhhmm, very moot point. They can't even make a secure switch, how secure their VLAN is becomes irrelevant. And the switch manufacturer couldn't care less about fixing anything - what's your trust value in the VLAN implementation? How different are other manufacturers?
>
>> Nor does it mean we avoid using an entire technology because there "might" be vulnerabilities in what has otherwise remained a stable and useful paradigm for decades.
>
> As "stable and useful" a paradigm as the Internet was before Snowden?
>
>> The question of VLAN jumping remains open, in my mind. An appropriate, well-configured switch fabric should have no problem
>
> True - as you say, "should", but it's utopic. Which means reducing critical firmware entirely increases security a lot. No matter where you buy your VLAN, it doesn't come close to the security of an extra port on the firewall you already trust. VLAN is just being lazy.
>
>> vulnerabilities in its management software notwithstanding.
>
> This is a laughable argument! You can only use the whole. You're arguing it's safe to use a (potentially!) safe fragment of VLAN firmware that by necessity is embedded in whatever management, of which you know it's a piece of rubbish. I'm increasingly getting the impression that network device manufacturers only ever fix anything if there is sufficient public backlash to make it financially worth fixing - no other reason to fix anything exists.
> The logical conclusion is that such "technology" is unsafe.
>
> VLAN switch with 100% open source firmware please...
>
> Volker
>
> --
> Volker Kuhlmann is list0570 with the domain in header.
> http://volker.top.geek.nz/ Please do not CC list postings to me.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
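The thread above argues about whether a "well-configured switch fabric" is a realistic defence against VLAN jumping. The script below is an added example, written for this page and not taken from the thread or from any vendor: it audits a switch configuration for the settings that commonly make VLAN hopping possible (DTP left negotiable, trunks whose native VLAN is also used as an access VLAN, unpruned trunks, access ports left in VLAN 1). It assumes Cisco IOS-style configuration syntax; the configuration text and interface names are constructed for the example, and the parser is a small hypothetical one, not a vendor tool.

```python
"""Audit an IOS-style switch configuration for VLAN-hopping weaknesses.

Added example for this page; not code from the pfSense thread or any vendor.
Assumes Cisco IOS-style 'interface ... / switchport ...' syntax.
"""
import re

# Constructed sample configuration: one sloppy trunk, one DTP-negotiable
# port, one hardened trunk, and one access port left in VLAN 1.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink-to-core
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan all
!
interface GigabitEthernet1/0/2
 description lab-host
 switchport mode dynamic desirable
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description dmz-trunk
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet1/0/4
 switchport mode access
 switchport access vlan 1
!
"""


def parse_interfaces(config_text):
    """Return {interface_name: [stripped config lines]} from an IOS-style config."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None  # '!' terminates the interface stanza
        elif current is not None and line.strip():
            interfaces[current].append(line.strip())
    return interfaces


def access_vlans(interfaces):
    """Set of VLAN ids used as access VLANs anywhere on the switch."""
    vlans = set()
    for lines in interfaces.values():
        for line in lines:
            m = re.match(r"switchport access vlan (\d+)$", line)
            if m:
                vlans.add(int(m.group(1)))
    return vlans


def audit(config_text):
    """Return {interface_name: [finding, ...]}; an empty list means no issue found."""
    interfaces = parse_interfaces(config_text)
    used_access = access_vlans(interfaces)
    findings = {}
    for name, lines in interfaces.items():
        issues = []
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        if mode == "dynamic":
            # DTP can negotiate this port into a trunk with an attached host.
            issues.append("DTP negotiation enabled (dynamic mode): port can become a trunk")
        if mode == "trunk":
            native = 1  # IOS default native VLAN when none is configured
            allowed = None
            for line in lines:
                m = re.match(r"switchport trunk native vlan (\d+)$", line)
                if m:
                    native = int(m.group(1))
                m = re.match(r"switchport trunk allowed vlan (.+)$", line)
                if m:
                    allowed = m.group(1)
            if native in used_access:
                # Untagged frames on the trunk land in a VLAN that hosts also use:
                # the precondition for double-tagged frames crossing VLANs.
                issues.append(f"native VLAN {native} is also an access VLAN")
            if allowed is None or allowed == "all":
                issues.append("trunk carries all VLANs (no pruning)")
            if "switchport nonegotiate" not in lines:
                issues.append("DTP not disabled on trunk (missing 'switchport nonegotiate')")
        if mode == "access":
            for line in lines:
                m = re.match(r"switchport access vlan (\d+)$", line)
                if m and int(m.group(1)) == 1:
                    issues.append("access port left in default VLAN 1")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for iface, issues in audit(SAMPLE_CONFIG).items():
        print(iface, "OK" if not issues else "")
        for issue in issues:
            print("   -", issue)
```

Run against the sample, GigabitEthernet1/0/1 produces three findings, 1/0/2 and 1/0/4 one each, and the hardened 1/0/3 none. The checks encode the usual hardening for VLAN hopping (unused native VLAN on trunks, explicit allowed-VLAN lists, DTP off, no production ports in VLAN 1); they say nothing about the switch's management plane, which is the part of the argument above that a configuration audit cannot settle.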