1995-02-05 - Re: The SKRONK protocols (version 0.6)

Header Data

From: sdw@lig.net (Stephen D. Williams)
To: adam@bwh.harvard.edu (Adam Shostack)
Message Hash: 4279842061973fbe28bb6d90875eece4969f8a5a5e6ff5bd5e0894e275c218a9
Message ID: <m0rb8zF-0009tFC@sdwsys>
Reply To: <199502052024.PAA21302@bwh.harvard.edu>
UTC Datetime: 1995-02-05 20:33:21 UTC
Raw Date: Sun, 5 Feb 95 12:33:21 PST

Raw message

From: sdw@lig.net (Stephen D. Williams)
Date: Sun, 5 Feb 95 12:33:21 PST
To: adam@bwh.harvard.edu (Adam Shostack)
Subject: Re: The SKRONK protocols (version 0.6)
In-Reply-To: <199502052024.PAA21302@bwh.harvard.edu>
Message-ID: <m0rb8zF-0009tFC@sdwsys>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Stephen D Williams wrote:
> 
> | > THE SKRONK MAP DAEMON
...
> 	I was going to say some similar things about firewalls, but
> then decided that Strick is doing the right thing.  If the firewall
> wants to offer skronk'd services, it can respond to the UDP packet,
> and offer up services, presumably through relays.
> 
> 	The relay/proxy programs for these protocols already exist.
> So you can reuse them to carry encrypted traffic through your
> firewall.  Why build a new set of proxies that have to be checked for
> correctness?

I wasn't talking about replacing the proxies, but 'playing' them instead
of assuming you could connect directly between the skronked program and
its server.

In other words: Since it looks like we're stuck with visible proxy
firewalls for the foreseeable future, we need to start codifying
proxy-relay semantics into new protocol preambles.  This gets us back
to more or less transparent network services.  This is especially true
of non-mainstream methods of access.

> 	Of course, letting encrypted traffic through your firewall
> will upset those people who thought they can virus/porn scan at the
> firewall.  Such scanners are almost always broken anyway.
> 
> Adam
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 						       -Hume
> 


-- 
Stephen D. Williams    25Feb1965 VW,OH      sdw@lig.net http://www.lig.net/sdw
Senior Consultant    513-865-9599 FAX/LIG   513.496.5223 OH Page BA Aug94-Feb95
OO R&D AI:NN/ES crypto     By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95



