Path: sparky!uunet!olivea!mintaka.lcs.mit.edu!mintaka!jtw
From: jtw@lcs.mit.edu (John Wroclawski)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Firewall usage
Message-ID: <JTW.92Jul27142002@pmws.lcs.mit.edu>
Date: 27 Jul 92 19:20:02 GMT
References: <BrruC8.FEo@spock.dis.cccd.edu> <BrsM1C.36v@cs.columbia.edu>
	<1992Jul23.142026.20112@sci34hub.sci.com>
	<1992Jul24.161006.12786@practic.com>
Sender: news@mintaka.lcs.mit.edu
Organization: MIT Home for Wayward Triumphs
Lines: 65
In-Reply-To: brunner@practic.com's message of 24 Jul 92 16:10:06 GMT

In article <1992Jul24.161006.12786@practic.com> brunner@practic.com (Thomas Eric Brunner) writes:

>>I wish I had a transcript of Dave Clark's talk at the IETF last week.
>>He said some great things about firewall gateways and mailbridges, and
>>how they've essentially destroyed the whole purpose of having an IP
>>internet, and have forced a lot of us to use mail as a transport-level
>>protocol.

Dave is usually correct, but as he thinks quite a bit more than many, and
says what he thinks, he is frequently not correct. Send him mail and ask
for a copy, or invite him to write. Perhaps he's been misstated in this
summary of his remarks.

Dave made two points. The first was that the architecture of the
current internet is end-to-end, and does not have any notion of
firewalls. He argued that because of this, firewalls make some things,
such as introducing new services, much more difficult than they should
be, and as a result people resort to odd things like using mail as a
transport.

Dave's second point is that perhaps it is time to rethink the core
architecture of the internet (or its follow-on) to specifically
-include- mechanism to separate organizational policy functions (such
as authentication, logging, and access control) from the actual
service functions running on the typical host.

His key observation is that if we can provide these "checkpoint"
functions at administrative boundaries as part of a well-designed
architecture, rather than in an ad-hoc manner, we might be able to
achieve two goals at once - provide a network which can -better- meet
the security and usage requirements of a wide range of people, and at
the same time preserve some of the open access which has driven the
incredible growth of the internet so far.

Implicit in this observation is the belief that if we -don't- succeed
in doing something like this, the continuing rapid spread of firewalls
is inevitable, for the simple reason that many people feel they simply
have no choice.

Responding to the same quote, karl@ddsw1.mcs.com (Karl Denninger) writes:

Hogwash. If it is that important to an organization, the firewall can
provide proxy service for it. It is >not< that big a deal to provide a
proxy connection for these kinds of things, >provided< that you have a nice
clean requirement. The generic "anyone can do anything" doesn't cut it in
Corporate America anyway.

I suspect Mr. Denninger will disagree, but I find this to be dangerous
and depressing thinking. A major strength of the Internet is the
ability for new services to come into existence when they're needed,
not several years later when a "nice clean requirement" has been
formulated, written down, approved, standardized, and poked at by a
layer or two of bureaucracy. In other words, the internet is strong
because it can evolve.

Existing firewalls threaten this evolution because they mix up the
notion of enforcing security with the notion of limiting
functionality. This -is- a serious threat. Dave's core argument, that
we should work to develop an architecture which can separate these
functions, seems to offer a useful way out.

John Wroclawski
MIT Lab for Computer Science
jtw@lcs.mit.edu