From: Jeff Bone (jbone@jump.net)
Date: Mon Oct 02 2000 - 19:22:07 PDT
These responses shoulda been a single message, sorry...
> Firewalls sensibly don't allow just
> anybody to tunnel from the Internet to one of their machines for just any
> reason.
That's right. So, the current policy is "if it's not explicitly allowed, it's
denied." This makes sense when it's trivial to spray packets directly to their
destination hosts, scan ports, etc. This practice, while entirely sensible, has
the side effect that it has turned port 80 into the universal port as a
practical measure, it's helped ensure HTTP lock-in and slow progress and
adoption of other new technologies.
The corporate world is *never* going to live with the notion that they don't get
to have a choke point. They need a firewall as a kind of traffic kill switch.
But in order for there to be more flexibility in the SOAP world, we need a more
dynamic, higher-level mechanism for managing connections and service names than
we've got now.
$0.02,
jb