On Wed, 2 Aug 2000, Marcus J. Ranum wrote:
> There's a lot of ugly stuff there. :( As a (former)
> firewall designer, it's really disappointing to see
> these kind of basic design flaws in such a widely
> deployed product - they're the kind of mistakes that
> nobody who knows anything about firewalls or crypto
> would make. :(
It's been worse in other corners of the planet you're more familiar with-
I've seen a long URL crash an ALG that'd been shipping that release for
months. That's why I hate people trying to spin errors as not that
important or based on user action- lack of vendor accountability *sucks*.
I've only ever met one vendor who was willing to discuss posting a bond
(they're no longer doing firewalls)- and that was based on a trusted OS.
If you think I'm fun doing the VPN rant, you should see my "Why won't you
post a bond if you believe your product works?" speech :)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
