RFC 3093 (rfc3093) - Page 1 of 11
Firewall Enhancement Protocol (FEP)
Alternative Format: Original Text Document
Network Working Group M. Gaynor
Request for Comments: 3093 S. Bradner
Category: Informational Harvard University
1 April 2001
Firewall Enhancement Protocol (FEP)
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
Internet Transparency via the end-to-end architecture of the Internet
has allowed vast innovation of new technologies and services [1].
However, recent developments in Firewall technology have altered this
model and have been shown to inhibit innovation. We propose the
Firewall Enhancement Protocol (FEP) to allow innovation, without
violating the security model of a Firewall. With no cooperation from
a firewall operator, the FEP allows ANY application to traverse a
Firewall. Our methodology is to layer any application layer
Transmission Control Protocol/User Datagram Protocol (TCP/UDP)
packets over the HyperText Transfer Protocol (HTTP) protocol, since
HTTP packets are typically able to transit Firewalls. This scheme
does not violate the actual security usefulness of a Firewall, since
Firewalls are designed to thwart attacks from the outside and to
ignore threats from within. The use of FEP is compatible with the
current Firewall security model because it requires cooperation from
a host inside the Firewall. FEP allows the best of both worlds: the
security of a firewall, and transparent tunneling thought the
firewall.
1.0 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
Gaynor & Bradner Informational