Great Circle Associates Firewalls
(June 1997)

Subject: Re: Stateful Packet Filters vs. Proxies
From: "Craig I. Hagan" <hagan @ cih . com>
Date: Mon, 9 Jun 1997 12:56:03 -0400 (EDT)
To: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Cc: Darren Reed <avalon @ coombs . anu . edu . au>, sjg <sjg @ quick . com . au>, firewalls <firewalls @ GreatCircle . COM>
In-reply-to: <199706091631 . JAA03965 @ notesgw2 . sybase . com>
Reply-to: hagan @ cih . com

> my personal experience has been good.
> 
> I disagree that a SPF != a proxy, at least not
> entirely.

You make an interesting argument. I will assert my belief that SPFs and
proxies represent something akin to convergent evolution -- are bats
special cases of birds, marsupial mice special cases of mice, etc.?
Admittedly, unlike evolution, we have a situation where people can learn
from others' successes and failures. Things may look like ducks, quack
like ducks, but if their DNA/source says "not a duck" it ain't a duck.

Why do I believe that they are fundamentally different? SPFs are
implemented as an adjunct to the IP stack of the machine -- basically
it requires down and dirty OS-level code in order to operate. Proxies
don't. Merely because the SPF looks and acts like a dumb proxy doesn't
make it a dumb proxy -- nor does it make dumb proxies special
cases of SPFs.

Now, an important adjunct: I'm merely addressing your assertion that SPFs
and proxies belong to the same family of things, be it SPFs being special
cases of proxies, or vice versa. I believe that the arguments over which
is more secure are beyond the scope of this reply, and have more to do with
availability and ease of modifying the source code to both (I'd rather have an
SPF with rebuildable source than a proxy w/o it). Of course, there are
many other factors to add into this equation, but I'm digressing and
risking flamage :)

-- craig

-------------------------------------------------------------------------------
Craig I. Hagan     "It's a small world, but I wouldn't want to back it up"
hagan@cih.com      "True hackers don't die, their ttl expires"
                   "It takes a village to raise an idiot, but an idiot can raze a village"
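The architectural point above (an SPF decides per packet in the forwarding path and tracks connection state, whereas a proxy terminates the client's connection and originates its own) is easier to see in code. The toy model below is an added illustration, not code from the original post or from any product: the packet shape, the INSIDE network, the proxy address, the state timeout and the policy (inside hosts may open connections outward; inbound packets are accepted only when they match existing state) are all constructed assumptions.

```python
"""Toy model of a stateful packet filter (SPF) next to a dumb proxy.

Constructed example for illustration: the Packet shape, INSIDE network,
PROXY_ADDR, STATE_TTL and the policy are assumptions, not any product's code.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # assumed protected network
PROXY_ADDR = "192.0.2.1"            # assumed outside address of the proxy
STATE_TTL = 60                      # assumed idle seconds before a flow is forgotten


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only on a connection-opening packet


class StatefulFilter:
    """Lives in the forwarding path: judges each packet, forwards it unchanged.

    The filter never terminates a connection; it only remembers which flows
    an inside host opened, so that replies to them can be let back in.
    """

    def __init__(self):
        # (src, sport, dst, dport) of the opening direction -> last time seen
        self.table = {}

    def _expire(self, now):
        # Drop idle entries so the table does not grow without bound.
        self.table = {k: t for k, t in self.table.items() if now - t < STATE_TTL}

    def decide(self, pkt, now):
        """Return "ACCEPT" or "DROP" for one packet at time `now`."""
        self._expire(now)
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packet belongs to a known flow (either direction): refresh and accept.
        if fwd in self.table:
            self.table[fwd] = now
            return "ACCEPT"
        if rev in self.table:
            self.table[rev] = now
            return "ACCEPT"
        # New connection: only inside hosts may open one, and only with a SYN.
        if pkt.syn and ip_address(pkt.src) in INSIDE:
            self.table[fwd] = now
            return "ACCEPT"
        return "DROP"


def proxy_relay(client_pkt):
    """What a dumb proxy does with the same opening packet.

    It accepts the client's connection itself and opens a fresh one to the
    server from its own address, so the server never sees the client's packet.
    """
    return Packet(PROXY_ADDR, 40000, client_pkt.dst, client_pkt.dport, syn=True)


if __name__ == "__main__":
    spf = StatefulFilter()
    open_pkt = Packet("10.1.1.5", 5555, "203.0.113.9", 80, syn=True)
    print("outbound SYN:", spf.decide(open_pkt, 0))
    print("reply:", spf.decide(Packet("203.0.113.9", 80, "10.1.1.5", 5555), 1))
    print("unsolicited inbound:", spf.decide(Packet("198.51.100.2", 4444, "10.1.1.5", 22, syn=True), 2))
    print("proxy re-originates from:", proxy_relay(open_pkt).src)
```

The contrast is the one the post draws: `StatefulFilter.decide` needs to see every packet on the wire, which is why a real SPF has to hook the OS's IP stack, while `proxy_relay` only ever deals in whole connections and can be an ordinary user-space program.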