IETF Journal Announcement (fwd)

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Thu Feb 28 20:50:14 UTC 2008


On Thu, 28 Feb 2008 08:41:27 -0500
Joe Abley <jabley at ca.afilias.info> wrote:

> 
> On 27-Feb-2008, at 15:09, Mark Smith wrote:
> 
> > Don't worry if the ISOC website times out, their firewall isn't TCP
> > ECN compatible.
> 
> Isn't it the case in the real world that the Internet isn't TCP ECN  
> compatible?
>

In my experience no. The Linux kernel defaults to ECN enabled (although
I think distros switch it off), and I've been running my PC ECN enabled
for at least the last 5 to 7 years. The number of websites that I've
had trouble with in that time was such a low number (3), that I
remember what they are. The other two, other than the ISOC website,
have been fixed within the last 3 years.

That's not really an excuse anyway. The ECN bit originally was
reserved, so things that don't understand it should be ignoring it, not
making sure it's set to zero. I understand that's the fundamentals of
the robustness principle. If people claim doing that is insecure,
how are there so many firewalls out there that don't have / aren't
causing this problem?

> 
> I thought people had relegated that to the "nice idea but, in  
> practice, waste of time" bucket years ago.
>

Not exactly sure of its exact status, however every now and then I
come across things relating to it e.g. I think I recently came across
proposed ECN additions to MPLS, so it still seems relevant. 

Regards,
Mark.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"
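
The failure mode discussed in this message, as an added example that is not part of the original post or of any firewall's code: a SYN carrying the ECN bits (ECE and CWR, set together in an ECN-setup SYN per RFC 3168) checked against a filter that insists the formerly reserved bits are zero and against one that ignores them. The two filter functions, the sample header and all names are hypothetical and constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header. ECE and CWR were reserved
# (must-be-zero) bits before RFC 3168 assigned them to ECN.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def tcp_flags(header: bytes) -> int:
    """Return the 8 flag bits from a raw TCP header (at least 20 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def is_ecn_setup_syn(flags: int) -> bool:
    """RFC 3168 ECN-setup SYN: SYN with ECE and CWR set, and no ACK."""
    return flags & (SYN | ACK | ECE | CWR) == (SYN | ECE | CWR)


def legacy_filter_accepts(flags: int) -> bool:
    """Hypothetical strict filter: drops anything with the old reserved bits set."""
    return flags & (ECE | CWR) == 0


def tolerant_filter_accepts(flags: int) -> bool:
    """Hypothetical filter that ignores bits it does not understand."""
    classic = flags & ~(ECE | CWR) & 0xFF
    # Still reject combinations that are invalid with or without ECN.
    return not (classic & SYN and classic & (FIN | RST))


def build_header(flags: int) -> bytes:
    """Constructed sample header: ports 40000 -> 80, data offset 5 words."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)


def classify(header: bytes) -> dict:
    """Summarise how each filter treats the segment."""
    flags = tcp_flags(header)
    return {
        "ecn_setup_syn": is_ecn_setup_syn(flags),
        "legacy": legacy_filter_accepts(flags),
        "tolerant": tolerant_filter_accepts(flags),
    }


if __name__ == "__main__":
    for name, flags in (("plain SYN", SYN), ("ECN-setup SYN", SYN | ECE | CWR)):
        print(name, classify(build_header(flags)))
```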


