On Wed, Jul 10, 2024 at 3:02 PM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
If your problem is small enough that you can use air gaps effectively, and tightly restrict physical communications paths, you should by all means do so. They're certainly useful, but IMO of limited applicability.
(And air gaps are getting more difficult than ever to use in practice unless you have the luxury of tightly specifying the hardware used. Disallow WiFi hardware, Bluetooth hardware, USB controllers, maybe some other things.)
Yup, it is impractical except for the very highest value assets.
And since I don't have Tier 6 physical security, the yellow net is for TEST, not production.
I mostly agree with you on the remainder of your message, though I think trying to shoehorn everything into HTTP is about as bad as trying to reuse FTP.
I agree, and I was one of the HTTP/1.0 instigators.
One of the reasons I dropped out of HTTP/2, besides there being too many cooks in the kitchen is that I decided making HTTP work well for Web Services is the wrong approach.
HTTP/2 should serve the purpose of delivering chunks of asynchronous data.
Another protocol (e.g. MOQ) should serve the purpose of supporting streaming synchronous data with features like dropping frames, downgrading resolution, etc.
A third protocol should serve Web Services.
Now clearly, you don't want these approaches to be different for the sake of it. And you might well have a use case where you want a single QUIC connection to be doing all three. But they are three different things.
