mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

Make that 15....

    --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Application layer firewalls have existed for at least 6 years.

Make that 15....

I suspect that claiming that they existed farther back than 1990 would require careful debate about the functionality.

Taking it at its most general: a boundary barrier service that mediated particular application exchanges between an "interior" Administrative Environment, versus the rest of the public network. One can reasonably argue that any such mediation has a security component to it.

Therefore one could argue that firewall functionality was around at least 25 years ago -- there were a number of email boundary gateway mediating services by then -- and very probably back to 1973. (I just know that some MIT type is going to claim pre-1970, given the generality of the definition I offered.)

d/

Dave,

I think the mail gateways back when the various networks were being put
together into an internet had as their functional purpose unifying
disparate networks. On the contrary, a firewall has as its purpose
partitioning a network that otherwise would not have been. I don't
think one will hear from MIT, given that.

But Steve and Ches and Dave Presotto at Bell, and Brian Reid and others
at DEC, were doing the partitioning thing in the late 1980's and 1990.
Right?

Joseph S D Yao <jsdy@center.osis.gov> writes:

Dave,

I think the mail gateways back when the various networks were being put
together into an internet had as their functional purpose unifying
disparate networks. On the contrary, a firewall has as its purpose
partitioning a network that otherwise would not have been.

When ARPA and MILNET were segmented in 1984, there were
(Fuzzball-based IIRC) mail gateways between the two networks.

The intended purpose of these devices was to restrict inter-network
traffic to only email between two networks that were formerly one, so
they're best looked at as a policy enforcement tool rather than a
unifier the same way that, say, WISCVM.BITNET or ...!uunet!... was.
It's not clear to me whether they were simply packet filters or actual
application level gateways (given the capabilities of the fuzzball, my
inclination is to think the former, but it's still worth taking note
of). Besides, I was in high school at the time; it's not as if I had
anything to do with the actual implementation.

Those of a historical mind are encouraged to read Request For Kludges
821 - SMTP Polymorph Command:
http://www.ibiblio.org/pub/docs/humor/fionavar/rfk_821

You may also find this interesting (particularly "On the
Undesirability of 'Mail Bridges' as a Security Measure" by the late
Mike Muuss); "walled garden" complaints and griping about gratuitously
hosing the end-to-end model far predate the last decade and the
lossage imparted by NAT:

I don't think one will hear from MIT, given that.

As much time as I've spent hanging out at MIT over the years, I don't
count. :wink:

                                        ---Rob

...

When ARPA and MILNET were segmented in 1984, there were
(Fuzzball-based IIRC) mail gateways between the two networks.

...

I hadn't thought back to that. From what I remember of the intent, and
the little I knew about the intended design, they would qualify.

But ... did the full intended partitioning ever happen? That I don't
remember, I was working on a kind of isolated network at the time. :wink: