[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The SKRONK protocols (version 0.6)

> Stephen D Williams wrote:
> 	I was going to say some similar things about firewalls, but
> then decided that Strick is doing the right thing.  If the firewall
> wants to offer skronk'd services, it can respond to the UDP packet,
> and offer up services, presumably through relays.
> 	The relay/proxy programs for these protocols already exist.
> So you can reuse them to carry encrypted traffic through your
> firewall.  Why build a new set of proxies that have to be checked for
> correctness?

I wasn't talking about replacing the proxy's, but 'playing' them instead
of assuming you could connect directly between the skronked program and
it's server.

In otherwords: Since it looks like we're stuck with visible proxy
firewalls for the forseeable future, we need to start codifying
proxy-relay semantics into new protocol preambles.  This gets us back
to more or less transparent network services.  This is especially true
of non-mainstream methods of access.

> 	Of course, letting encrypted traffic through your firewall
> will upset those people who thought they can virus/porn scan at the
> firewall.  Such scanners are almost always broken anyway.
> Adam
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 						       -Hume

Stephen D. Williams    25Feb1965 VW,OH      [email protected] http://www.lig.net/sdw
Senior Consultant    513-865-9599 FAX/LIG   513.496.5223 OH Page BA Aug94-Feb95
OO R&D AI:NN/ES crypto     By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95