Firewall Wizards mailing list archives

Re: Content Vectoring Protocol (CVP)


From: "Charles C. Lindsay" <lindsay () mail toplayer com>
Date: Thu, 17 Aug 2000 09:58:47 -0400 (EDT)

Hi,

Not to muddy the waters, but...

When I last talked to Checkpoint, they would only offer the compiled
binary libraries for their FCP; they would not provide source.  As my
company's product does not use Intel x86 (and kindred), the prospect
of reverse engineering their library and protocol was not overly
attractive.  Also, from looking at their API, it wasn't that
flexible/adaptable.

On another front, you might want to take a gander at the IETF FOGLAMPS
BOF (or whatever they are calling themselves these days).  They are
trying to develop a protocol to punch pinholes in NAT firewalls for
VoIP.  They appear to be facing an uphill battle, as doing so would
implicitly provide IETF "recognition" of NAT, an anathema to the
end-to-end purists...  From the BOF proposal in July:

    Reading:
        o http://www.ietf.org/internet-drafts/draft-kuthan-fcp-01.txt
        o http://www.ietf.org/internet-drafts/draft-tiphon-foglamps-00.txt
        o http://www.ietf.org/internet-drafts/draft-ietf-nat-interface-framework-00.txt
    
    Mailing list: 
    The mailing list is foglamps () lists panix com.  To subscribe,
    send email to majordomo () lists panix com with "subscribe foglamps" 
    in the body of the message.


I myself would like a mechanism/protocol by which a properly
authenticated endpoint (or agents) could request that a specific
POLICY be applied at a firewall to a particular flow or set of flows,
be they extant or future for some period of time.  The issue of how to
specify/learn what policies are known or enforceable on the firewall
is almost as sticky as the need for a "firewall discovery protocol":
firewalls are supposed to be invisible...

Cross your fingers and hope to fly...

-- 
Charles C. Lindsay       TopLayer Networks, Inc.      508-870-1300 x147
lindsay () TopLayer com     "Layers Above The Rest"      508-870-9797 FAX
                2400 Computer Drive, Westboro, MA  01581

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

