Joachim Schrod wrote:
I hate to reply to myself, but I forgot:
To quote Jon Postel in RFC 761, the TCP definition from January 1980,
the last two lines on page 12:
be conservative in what you do, be liberal in what you accept from
others.
Words to keep in mind, they served us well in more than 25 years --
RIP Jon Postel.
JE> You know where this RFC attitude brought us - Web browsers accepting
JE> broken HTML, resulting in sloppy non-standard pages that display in
JE> less than average of the browsers.
JE> Especially when it comes to
JE> security, e.g. firewalls, it's better to turn the RFC quote:
JE> Be conservative in what you accept and be
JE> liberal in what you do.
JE> [http://jengelh.hopto.org/p/jen_ipfw/TECH.txt]
A tip: you might want to read the early RFCs at some time. They are
really valuable. `To be liberal in what you accept from others' does
NOT mean to accept any service request from the outside and keep
every connection open. In fact, to re-interpret that sentence as
meaning that one should accept all incoming connections and keep all
services open is against the RFC intentions, and a blatant attempt
at a history rewrite.
The cited principle realizes robustness; it means to be able to
handle misformed connection attempts and protocol contents properly,
without going into inconsistent states of one's software. E.g., to
be able to handle misformed IP packets, or to be able to handle
requests that are outside the FSA of a protocol. We really don't
want inconsistent states in our software because somebody violates
the SSL protocol; or the SMTP protocol, for that matter. That kind
of attitude leaves us without robust software and brings us security
holes.
Robustness, as urged by Jon Postel in this sentence, is urgently
needed in all our security-related software and nothing to mock
about. As it is, Jon knew more about the Internet and how to create
a robust and secure network than you. (And, in fact, more than I; I
met him, I know and accept it.)
Joachim
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany
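
The robustness described in the message above (handling malformed input and requests outside a protocol's FSA without reaching an inconsistent state), as an added example that is not part of the original mail: a server-side SMTP command sequencer that parses strictly and changes state only on a valid transition. The class name, the helper `replay` and the sample lines are assumptions made for illustration; the state table is a simplified subset of RFC 5321.

```python
import re

# Simplified subset of the RFC 5321 command order: state -> {verb: next state}.
# Argument syntax and the message body after DATA are left out (assumption).
TRANSITIONS = {
    "START": {"HELO": "GREETED", "EHLO": "GREETED"},
    "GREETED": {"MAIL": "MAIL"},
    "MAIL": {"RCPT": "RCPT"},
    "RCPT": {"RCPT": "RCPT", "DATA": "DATA"},
}
KNOWN_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET"}
MAX_LINE = 512  # octets per command line, CRLF included (RFC 5321)
COMMAND = re.compile(r"([A-Za-z]{4})(?: [^\r\n]*)?")

class SmtpSession:  # hypothetical name
    def __init__(self):
        self.state = "START"

    def handle(self, raw: bytes) -> str:
        """Return a reply; self.state changes only on a valid transition."""
        if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
            return "500 Line too long or not CRLF-terminated"
        try:
            line = raw[:-2].decode("ascii")
        except UnicodeDecodeError:
            return "500 Non-ASCII command"
        m = COMMAND.fullmatch(line)  # also rejects embedded CR/LF
        verb = m.group(1).upper() if m else None
        if verb not in KNOWN_VERBS:
            return "500 Command unrecognized"
        if verb == "RSET":
            self.state = "START" if self.state == "START" else "GREETED"
            return "250 OK"
        nxt = TRANSITIONS.get(self.state, {}).get(verb)
        if nxt is None:  # outside the FSA: refuse, keep the state
            return "503 Bad sequence of commands"
        self.state = nxt
        return "354 Start mail input" if verb == "DATA" else "250 OK"

# Constructed sample input: out-of-order, malformed and valid commands.
SAMPLE = [b"MAIL FROM:<a@example.org>\r\n", b"\xff\xfe junk\r\n",
          b"EHLO client.example\r\n", b"DATA\r\n",
          b"MAIL FROM:<a@example.org>\r\n",
          b"RCPT TO:<b@example.org>\r\nDATA\r\n",
          b"RCPT TO:<b@example.org>\r\n"]

def replay(lines):
    s = SmtpSession()
    return [(s.handle(raw)[:3], s.state) for raw in lines]
```

Every rejected line gets a definite reply code and leaves the session state where it was, so the next valid command is still processed correctly.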