Great Circle Associates Firewalls
(June 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Stateful Packet Filters vs. Proxies
From: Geoff Mulligan <geoff @ mulligan . com>
Date: Tue, 10 Jun 1997 10:55:14 -0600
To: "Simon J. Gerraty" <sjg @ quick . com . au>
Cc: firewalls @ greatcircle . com
In-reply-to: Your message of "Tue, 10 Jun 1997 23:43:59 +1000." <199706101343 . XAA11893 @ zen . quick . com . au> 
sjg @
 quick .
 com .
 au said:
> Link level crypto, sure.  Not everyone likes that though. I was
> refering to folk trying to use SSLftp, where the connection is
> authenticated and encrypted at the application level.  Because a SPF
> cannot look inside the payload in such a case, the dynamic opening of
> ports will fail. 

And how is an SPF different from a proxy in this case, unless you are saying
the proxy is participating in the encryption.

> Funny, you're the 2nd person to suggest that.  But no, I mean exactly
> what I said.

Because you said just cypto and link level crypto and SPF work great.

	geoff
Follow-Ups:
References:
Indexed By Date Previous: Re: RFC for Ports
From: michaelj @ burrito . insource . com
Next: Re[2]: DHCP and Firewall 1
From: "dennis keller" <dennis_keller @ smtp . ddre . dla . mil>
Indexed By Thread Previous: Re: Stateful Packet Filters vs. Proxies
From: "Simon J. Gerraty" <sjg @ quick . com . au>
Next: Re: Stateful Packet Filters vs. Proxies
From: "Simon J. Gerraty" <sjg @ quick . com . au>
Google
 
Search Internet Search www.greatcircle.com