[76819] in North American Network Operators' Group
Re: Smallest Transit MTU
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Dec 31 01:19:24 2004
To: davids@webmaster.com
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 30 Dec 2004 22:09:05 PST."
<MDEHLPKNGKAHNMBLJOLKEEHHAMAB.davids@webmaster.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 31 Dec 2004 01:18:56 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 30 Dec 2004 22:09:05 PST, David Schwartz said:
>
>
> > David Schwartz:
>
> > > IMO, it's negligent to configure a firewall to pass
> > > traffic whose meaning is not known.
>
> > I see. Can you suggest a firewall that supports "block all traffic not
> > unencrypted and in American English"?
>
> You misunderstand what I mean by "whose meaning is not known".
> Deliberately, I suspect.
He *does* have a point - the fact that the firewall knows about the new
feature doesn't mean that the target host behind the firewall is able to
do something reasonable/correct with the new feature....

And where, exactly, do you draw the line between "firewall that blocks
unknown bits" and "virus-scanning front-end appliance that blocks unknown
MIME types" and "Great Firewall" that blocks all traffic that contains
subversive content.....