[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The SKRONK protocols (version 0.6)
>
> Stephen D Williams wrote:
>
> | > THE SKRONK MAP DAEMON
...
> I was going to say some similar things about firewalls, but
> then decided that Strick is doing the right thing. If the firewall
> wants to offer skronk'd services, it can respond to the UDP packet,
> and offer up services, presumably through relays.
>
> The relay/proxy programs for these protocols already exist.
> So you can reuse them to carry encrypted traffic through your
> firewall. Why build a new set of proxies that have to be checked for
> correctness?
I wasn't talking about replacing the proxy's, but 'playing' them instead
of assuming you could connect directly between the skronked program and
it's server.
In otherwords: Since it looks like we're stuck with visible proxy
firewalls for the forseeable future, we need to start codifying
proxy-relay semantics into new protocol preambles. This gets us back
to more or less transparent network services. This is especially true
of non-mainstream methods of access.
> Of course, letting encrypted traffic through your firewall
> will upset those people who thought they can virus/porn scan at the
> firewall. Such scanners are almost always broken anyway.
>
> Adam
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
--
Stephen D. Williams 25Feb1965 VW,OH [email protected] http://www.lig.net/sdw
Senior Consultant 513-865-9599 FAX/LIG 513.496.5223 OH Page BA Aug94-Feb95
OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95