On Thu, 30 Dec 2004 22:09:05 PST, David Schwartz said:
>
> > > David Schwartz:
>
> > > IMO, it's negligent to configure a firewall to pass
> > > traffic whose meaning is not known.
>
> > I see. Can you suggest a firewall that supports "block all traffic not
> > unencrypted and in American English"?
>
> You misunderstand what I mean by "whose meaning is not known".
> Deliberately, I suspect.

He *does* have a point - the fact that the firewall knows about the new feature doesn't mean that the target host behind the firewall is able to do something reasonable/correct with the new feature.... And where, exactly, do you draw the line between "firewall that blocks unknown bits" and "virus-scanning front-end appliance that blocks unknown MIME types" and "Great Firewall" that blocks all traffic that contains subversive content.....
