On 31 Jan 2006, at 16:28, Ivan R. Judson wrote:

> I think the interesting question from a user perspective is:
>
> Would you rather open one port and we tunnel all traffic through it (and
> you'll never know about all the types or kinds of traffic) or make it easy
> to have one tunnel per type of data/connection that's easier to open/close
> and audit based on actual use?
>
> I *think* the future is in the latter, because you can easily see a
> manageable system being built that allows programmatic (with authentication
> obviously) access for dynamically opening and closing tunnels based on
> specific "contracts" about usage, data, src/destination, duration, etc.
And, if you have well defined (narrow) port ranges for each media, it makes it
easy to firewall off specific media, or to assign varying QoS for each media.

> I can't see any good way to justify "opaque aggregate tunnels" that hide the
> fact a break-in occurred in a mess of other data.

Indeed.

Colin
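As an added example, not code from this thread or from the project it discusses: a small policy check that declares one narrow UDP port range per media type, renders a per-media firewall/QoS rule from that policy, and audits a constructed connection log to surface flows that match no declared range. The port ranges, DSCP values, nftables-like rule syntax and log line format are all assumptions.

```python
import re
from collections import namedtuple
# Constructed policy: one narrow UDP port range per media type, each with its own
# DSCP value. Ranges and DSCP numbers are assumptions chosen for illustration.
MEDIA_POLICY = {
    "audio": {"ports": (5000, 5003), "dscp": 46},  # EF
    "video": {"ports": (5004, 5011), "dscp": 34},  # AF41
}
Flow = namedtuple("Flow", "src dst proto dport")
LOG_RE = re.compile(r"(\S+) -> (\S+) (\w+)/(\d+)")  # constructed log line format

def classify(flow):
    """Return the media type whose declared range contains flow.dport, else None."""
    if flow.proto != "udp":
        return None
    for name, pol in MEDIA_POLICY.items():
        lo, hi = pol["ports"]
        if lo <= flow.dport <= hi:
            return name
    return None

def firewall_rules(policy=MEDIA_POLICY):
    """One accept-and-mark rule per media plus a final drop (nftables-like, illustrative)."""
    rules = []
    for name, pol in policy.items():
        lo, hi = pol["ports"]
        rules.append(f'udp dport {lo}-{hi} ip dscp set {pol["dscp"]} accept comment "{name}"')
    rules.append('udp dport 1024-65535 drop comment "undeclared media"')
    return rules

def audit(log_lines):
    """Return per-media flow counts and the flows that match no declared range,
    i.e. the traffic an opaque aggregate tunnel would have hidden from the audit."""
    counts = {name: 0 for name in MEDIA_POLICY}
    unclassified = []
    for m in filter(None, map(LOG_RE.match, log_lines)):  # skip malformed lines
        flow = Flow(m.group(1), m.group(2), m.group(3), int(m.group(4)))
        media = classify(flow)
        if media is None:
            unclassified.append(flow)
        else:
            counts[media] += 1
    return counts, unclassified

# Constructed sample log: two audio flows, one video flow, one undeclared port.
SAMPLE_LOG = [
    "10.0.0.5 -> 10.0.0.9 udp/5000",
    "10.0.0.6 -> 10.0.0.9 udp/5002",
    "10.0.0.5 -> 10.0.0.9 udp/5006",
    "10.0.0.7 -> 10.0.0.9 udp/6000",
]
```

Running `audit(SAMPLE_LOG)` returns the per-media counts together with the single flow on port 6000, which is exactly the kind of traffic a single opaque tunnel would leave indistinguishable from legitimate media.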

