Stephen D Williams wrote:
| > THE SKRONK MAP DAEMON
...
I was going to say some similar things about firewalls, but then decided that Strick is doing the right thing. If the firewall wants to offer skronk'd services, it can respond to the UDP packet, and offer up services, presumably through relays.
The relay/proxy programs for these protocols already exist. So you can reuse them to carry encrypted traffic through your firewall. Why build a new set of proxies that have to be checked for correctness?
I wasn't talking about replacing the proxies, but 'playing' them instead of assuming you could connect directly between the skronked program and its server. In other words: Since it looks like we're stuck with visible proxy firewalls for the foreseeable future, we need to start codifying proxy-relay semantics into new protocol preambles. This gets us back to more or less transparent network services. This is especially true of non-mainstream methods of access.
Of course, letting encrypted traffic through your firewall will upset those people who thought they could virus/porn scan at the firewall. Such scanners are almost always broken anyway.
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
-- Stephen D. Williams 25Feb1965 VW,OH sdw@lig.net http://www.lig.net/sdw Senior Consultant 513-865-9599 FAX/LIG 513.496.5223 OH Page BA Aug94-Feb95 OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95