North American Network Operators Group


Re: IETF Journal Announcement (fwd)

  • From: Mark Smith
  • Date: Thu Feb 28 16:01:44 2008

On Thu, 28 Feb 2008 08:41:27 -0500
Joe Abley <[email protected]> wrote:

> On 27-Feb-2008, at 15:09, Mark Smith wrote:
> > Don't worry if the ISOC website times out, their firewall isn't TCP
> > ECN compatible.
> Isn't it the case in the real world that the Internet isn't TCP ECN  
> compatible?

In my experience no. The Linux kernel defaults to ECN enabled (although
I think distros switch it off), and I've been running my PC ECN enabled
for at least the last 5 to 7 years. The number of websites that I've
had trouble with in that time was such a low number (3), that I
remember what they are. The other two, other than the ISOC website,
have been fixed within the last 3 years.

That's not really an excuse anyway. The ECN bit originally was
reserved, so things that don't understand it should be ignoring it, not
making sure it's set to zero. I understand that's the fundamentals of
the robustness principle. If people claim doing that is insecure,
how are there so many firewalls out there that don't have / aren't
causing this problem?

> I thought people had relegated that to the "nice idea but, in  
> practice, waste of time" bucket years ago.

Not exactly sure of its exact status, however every now and then I
come across things relating to it e.g. I think I recently came across
proposed ECN additions to MPLS, so it still seems relevant. 



        "Sheep are slow and tasty, and therefore must remain constantly
                                   - Bruce Schneier, "Beyond Fear"
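
Added example, not part of the original message: a sketch of the two SYN-validation policies the thread contrasts, a filter that insists the formerly reserved TCP flag bits are zero versus one that ignores them. The function names and the sample headers are constructed for illustration and do not describe any particular firewall product.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793; ECE/CWR from RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
ECN_BITS = ECE | CWR  # part of the reserved field before RFC 3168


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)


def tcp_flags(header: bytes) -> int:
    """Return the flags byte of a raw TCP header."""
    if len(header) < 14:
        raise ValueError("truncated TCP header")
    return header[13]


def is_ecn_setup_syn(flags: int) -> bool:
    """RFC 3168 ECN-setup SYN: SYN with ECE and CWR both set, no ACK."""
    return (flags & (SYN | ACK | ECN_BITS)) == (SYN | ECN_BITS)


def strict_allows_syn(flags: int) -> bool:
    """Assumed model of the failure mode: reserved bits must be zero."""
    return flags == SYN


def tolerant_allows_syn(flags: int) -> bool:
    """Ignore the ECN bits, but still reject invalid combos (SYN+FIN, SYN+RST)."""
    return (flags & ~ECN_BITS & 0xFF) == SYN


def compare(headers):
    """Return (flags, ecn_setup, strict_verdict, tolerant_verdict) per header."""
    rows = []
    for h in headers:
        f = tcp_flags(h)
        rows.append((f, is_ecn_setup_syn(f), strict_allows_syn(f), tolerant_allows_syn(f)))
    return rows


if __name__ == "__main__":
    samples = [build_header(SYN), build_header(SYN | ECN_BITS), build_header(SYN | FIN)]
    for flags, ecn, strict, tolerant in compare(samples):
        print(f"flags=0x{flags:02x} ecn_setup={ecn} strict={strict} tolerant={tolerant}")
```

With the strict policy an ECN-enabled client's SYN is dropped and the connection times out, while the tolerant policy passes it and still rejects the malformed SYN+FIN.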