Date: Fri, 21 Jan 2000 09:45:37 -0700 From: Wes Peters <wes@softweyr.com> To: Brett Glass <brett@lariat.org> Cc: Alfred Perlstein <bright@wintelcom.net>, Matthew Dillon <dillon@apollo.backplane.com>, security@FreeBSD.ORG Subject: Re: stream.c worst-case kernel paths Message-ID: <38888D31.CFF5CF38@softweyr.com> References: <4.2.2.20000120222630.01919150@localhost> <4.2.2.20000120182425.01886ec0@localhost> <20000120195257.G14030@fw.wintelcom.net> <4.2.2.20000120220649.018faa80@localhost> <200001210521.VAA56412@apollo.backplane.com> <4.2.2.20000120222630.01919150@localhost> <4.2.2.20000121081444.01a2d480@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote:
>
> So, we've learned something about what policy to follow. The current TCP/IP
> spec is an important standard, but it's not Holy Writ. There are still
> things we can learn, and we can fix both the current spec and future ones.
>
> Whether we implement changes immediately or not is really a matter of
> pragmatism. My priority is to keep my systems up and safe from attack, so
> I have no qualms about doing that so long as it won't break normal operation.
> I'd put in a "stick to the original spec" option for those who were willing
> to risk safety for conformance to Holy Writ. YMMV, of course.
Nobody disagrees with this; that's why we ALL use systems with source code
available. The only argument is whether the defensive posture should be
the default or not. Following the specifications as written should be the
default setting; we can still use studies of the defensive posture to
convince the IETF of the value of changes to the protocol.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38888D31.CFF5CF38>