North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: IETF Journal Announcement (fwd)
On Thu, 28 Feb 2008 08:41:27 -0500 Joe Abley <jabley@xxxxxxxxxxxxxxx> wrote: > > On 27-Feb-2008, at 15:09, Mark Smith wrote: > > > Don't worry if the ISOC website times out, their firewall isn't TCP > > ECN compatible. > > Isn't it the case in the real world that the Internet isn't TCP ECN > compatible? > In my experience no. The Linux kernel defaults to ECN enabled (although I think distros switch it off), and I've been running my PC ECN enabled for at least the last 5 to 7 years. The number of websites that I've had trouble with in that time was such a low number (3), that I remember what they are. The other two, other than the ISOC website, have been fixed within the last 3 years. That's not really an excuse anyway. The ECN bit originally was reserved, so things that don't understand it should be ignoring it, not making sure it's set to zero. I understand that's the fundamentals of the robustness principle. If people claim doing that is insecure, how are there so many firewalls out there that don't have / aren't causing this problem? > > I thought people had relegated that to the "nice idea but, in > practice, waste of time" bucket years ago. > Not exactly sure of it's exact status, however every now and then I come across things relating to it e.g. I think I recently came across proposed ECN additions to MPLS, so it still seems relevant. Regards, Mark. -- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"