|
Firewall Wizards
mailing list archives
RE: A fun smackdown...
From: "Ben Nagy" <ben () iagu net>
Date: Thu, 19 May 2005 15:33:22 +0200
"Be liberal in what you accept; be strict in what you send."
This was NEVER a security doctrine. It was an RFC doctrine, originally
(AFAIK) from RFC 791 (cf):
"In general, an implementation must be conservative in its sending behavior,
and
liberal in its receiving behavior."
RFCs are concerned with interoperability. Security is concerned with risk.
The two are not congruent. If you know anything about this history of the
Internet Protocol and the RFCs < 1000 in general, you would not characterise
it as security focused.
This is intuitive - well at least to me and all of the 'old timers' on this
list.
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[...]
On Tue, 17 May 2005, Martin wrote:
"Be liberal in what you accept; be strict in what you send."
[Paul, sensibly, rebuts ... ]
_All_ effective security controls break that tenet. The more
liberal your controls, the more risk you assume.
Paul
To borrow the vernacular,
"w3rd."
ben
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
| 
Intro
