IETF Journal Announcement (fwd)
Mark Smith
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Thu Feb 28 20:50:14 UTC 2008
On Thu, 28 Feb 2008 08:41:27 -0500
Joe Abley <jabley at ca.afilias.info> wrote:
>
> On 27-Feb-2008, at 15:09, Mark Smith wrote:
>
> > Don't worry if the ISOC website times out, their firewall isn't TCP
> > ECN compatible.
>
> Isn't it the case in the real world that the Internet isn't TCP ECN
> compatible?
>
In my experience no. The Linux kernel defaults to ECN enabled (although
I think distros switch it off), and I've been running my PC ECN enabled
for at least the last 5 to 7 years. The number of websites that I've
had trouble with in that time was such a low number (3), that I
remember what they are. The other two, other than the ISOC website,
have been fixed within the last 3 years.
That's not really an excuse anyway. The ECN bit originally was
reserved, so things that don't understand it should be ignoring it, not
making sure it's set to zero. I understand that's the fundamentals of
the robustness principle. If people claim doing that is insecure,
how are there so many firewalls out there that don't have / aren't
causing this problem?
>
> I thought people had relegated that to the "nice idea but, in
> practice, waste of time" bucket years ago.
>
Not exactly sure of its exact status, however every now and then I
come across things relating to it e.g. I think I recently came across
proposed ECN additions to MPLS, so it still seems relevant.
Regards,
Mark.
--
"Sheep are slow and tasty, and therefore must remain constantly
alert."
- Bruce Schneier, "Beyond Fear"
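
The firewall behaviour discussed in this message, as an added example that is not part of the original post: an ECN-setup SYN (RFC 3168 sets both ECE and CWR on the SYN) is run through a filter that insists the formerly reserved bits be zero and through one that ignores them. The function names and the sample headers are constructed for illustration and do not model any particular firewall product.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793; ECE and CWR added by RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def build_tcp_header(flags, sport=40000, dport=80, seq=1):
    """Constructed sample: a minimal 20-byte TCP header with no options."""
    offset_flags = (5 << 12) | flags  # data offset 5 words, remaining reserved bits 0
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 65535, 0, 0)

def tcp_flags(header):
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]

def is_ecn_setup_syn(header):
    """True for a SYN (no ACK) that carries both ECE and CWR."""
    f = tcp_flags(header)
    return bool(f & SYN) and not f & ACK and (f & (ECE | CWR)) == (ECE | CWR)

def strict_filter(header):
    """Pre-ECN assumption: bits that used to be reserved must be zero."""
    return "drop" if tcp_flags(header) & (ECE | CWR) else "accept"

def tolerant_filter(header):
    """Ignore bits the filter does not understand; judge only the classic six."""
    classic = tcp_flags(header) & 0x3F
    if classic & SYN and classic & (FIN | RST):  # still reject nonsense combinations
        return "drop"
    return "accept"

def compare(samples):
    """Return (name, is ECN-setup SYN, strict verdict, tolerant verdict) per sample."""
    return [(name, is_ecn_setup_syn(h), strict_filter(h), tolerant_filter(h))
            for name, h in samples]

# Constructed sample headers, not captured traffic.
SAMPLES = [
    ("plain SYN", build_tcp_header(SYN)),
    ("ECN-setup SYN", build_tcp_header(SYN | ECE | CWR)),
    ("SYN+FIN with ECN bits", build_tcp_header(SYN | FIN | ECE | CWR)),
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-24s ecn_setup=%-5s strict=%-6s tolerant=%s" % row)
```

The strict filter drops the ECN-setup SYN without any reply, which the client sees as a connection timeout; the tolerant filter still rejects the malformed SYN+FIN while letting the ECN negotiation through.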