[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RFC 3093 on Firewall Enhancement Protocol




A new Request for Comments is now available in online RFC libraries.


        RFC 3093

        Title:	    Firewall Enhancement Protocol (FEP)
        Author(s):  M. Gaynor, S. Bradner
        Status:     Informational
	Date:       1 April 2001
        Mailbox:    gaynor@eecs.harvard.edu, sob@harvard.edu
        Pages:      11
        Characters: 22405
        Updates/Obsoletes/SeeAlso:  None

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3093.txt


Internet Transparency via the end-to-end architecture of the Internet
has allowed vast innovation of new technologies and services [1].
However, recent developments in Firewall technology have altered this
model and have been shown to inhibit innovation.  We propose the
Firewall Enhancement Protocol (FEP) to allow innovation, without
violating the security model of a Firewall.  With no cooperation from
a firewall operator, the FEP allows ANY application to traverse a
Firewall.  Our methodology is to layer any application layer
Transmission Control Protocol/User Datagram Protocol (TCP/UDP) packets
over the HyperText Transfer Protocol (HTTP) protocol, since HTTP
packets are typically able to transit Firewalls.  This scheme does not
violate the actual security usefulness of a Firewall, since Firewalls
are designed to thwart attacks from the outside and to ignore threats
from within.  The use of FEP is compatible with the current Firewall
security model because it requires cooperation from a host inside the
Firewall.  FEP allows the best of both worlds: the security of a
firewall, and transparent tunneling thought the firewall.

This memo provides information for the Internet community.  It does
not specify an Internet standard of any kind.  Distribution of this
memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.echo 
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.
<ftp://ftp.isi.edu/in-notes/rfc3093.txt>
Content-type: text/plain