[102822] in North American Network Operators' Group


Re: IETF Journal Announcement (fwd)

daemon@ATHENA.MIT.EDU (Mark Smith)
Thu Feb 28 15:58:15 2008

Date: Fri, 29 Feb 2008 07:20:14 +1030
From: Mark Smith <nanog@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
To: Joe Abley <jabley@ca.afilias.info>
Cc: Lucy Lynch <llynch@civil-tongue.net>, nanog@merit.edu
In-Reply-To: <44A7020F-381D-4CAD-974D-54A863579FD0@ca.afilias.info>
Errors-To: owner-nanog@merit.edu


On Thu, 28 Feb 2008 08:41:27 -0500
Joe Abley <jabley@ca.afilias.info> wrote:

> 
> On 27-Feb-2008, at 15:09, Mark Smith wrote:
> 
> > Don't worry if the ISOC website times out, their firewall isn't TCP
> > ECN compatible.
> 
> Isn't it the case in the real world that the Internet isn't TCP ECN  
> compatible?
>

In my experience no. The Linux kernel defaults to ECN enabled (although
I think distros switch it off), and I've been running my PC ECN enabled
for at least the last 5 to 7 years. The number of websites that I've
had trouble with in that time was such a low number (3), that I
remember what they are. The other two, other than the ISOC website,
have been fixed within the last 3 years.

That's not really an excuse anyway. The ECN bit originally was
reserved, so things that don't understand it should be ignoring it, not
making sure it's set to zero. I understand that's the fundamentals of
the robustness principle. If people claim doing that is insecure,
how are there so many firewalls out there that don't have / aren't
causing this problem?

> 
> I thought people had relegated that to the "nice idea but, in  
> practice, waste of time" bucket years ago.
>

Not exactly sure of its exact status, however every now and then I
come across things relating to it e.g. I think I recently came across
proposed ECN additions to MPLS, so it still seems relevant. 

Regards,
Mark.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"
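
Added example, not part of the original message: a sketch of the TCP flag byte discussed above, showing how a filter that insists the formerly reserved bits are zero treats an ECN-setup SYN compared with one that ignores bits it does not interpret. Both filter policies and all sample headers are constructed for illustration and do not describe any particular firewall product or site.

```python
import struct

# TCP flag bits, byte 13 of the header. ECE and CWR were reserved bits in
# RFC 793 and were assigned to ECN by RFC 3168.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
ECE, CWR = 0x40, 0x80

def build_tcp_header(sport, dport, flags):
    """Constructed 20-byte TCP header (no options, checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def tcp_flags(header):
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]

def is_ecn_setup_syn(header):
    """RFC 3168: an ECN-setup SYN carries SYN, ECE and CWR, with ACK clear."""
    return (tcp_flags(header) & (SYN | ACK | ECE | CWR)) == (SYN | ECE | CWR)

def strict_legacy_filter(header):
    """Hypothetical policy: insist the formerly reserved bits are zero."""
    return "drop" if tcp_flags(header) & (ECE | CWR) else "accept"

def tolerant_filter(header):
    """Hypothetical policy: ignore bits it does not interpret, but still
    reject flag combinations that make no sense (SYN with FIN or RST)."""
    flags = tcp_flags(header)
    if flags & SYN and flags & (FIN | RST):
        return "drop"
    return "accept"

def compare(header):
    """Return (ecn_setup_syn, strict verdict, tolerant verdict)."""
    return is_ecn_setup_syn(header), strict_legacy_filter(header), tolerant_filter(header)

# Constructed samples: a plain SYN and the SYN an ECN-enabled host sends.
PLAIN_SYN = build_tcp_header(40000, 80, SYN)
ECN_SYN = build_tcp_header(40000, 80, SYN | ECE | CWR)

if __name__ == "__main__":
    for name, hdr in (("plain SYN", PLAIN_SYN), ("ECN-setup SYN", ECN_SYN)):
        print(name, hex(tcp_flags(hdr)), compare(hdr))
```

A silently dropped SYN is seen by the client as a connection timeout, which is why comparing a plain SYN against an ECN-setup SYN to the same destination is a quick way to check a filter for this behaviour.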
