Fernando Gont <ferna...@gont.com.ar> writes:

> On 03/01/2011 06:25 p.m., Brian E Carpenter wrote:
> > The basic motivation for the present draft is clear:
> >
> >> However,
> >> some intermediate nodes such as firewalls, may need to look at the
> >> transport layer header fields in order to make a decision to allow or
> >> deny the packet.
> >
> > That is, help middleboxes to violate e2e transparency and, furthermore,
> > allow unknown headers to cross those middleboxes.

> I don't think this I-D will make a difference.
> From the POV of a firewall, unless it really wants a packet to
> pass-through, it will block it.

I think this is the crux of the problem. Firewalls, by default, discard stuff. They don't like the idea of allowing unknown or "uncommon" things through. Defining new options and expecting firewalls to give them a blank check to go through I suspect is wishful thinking.

And look at this from the perspective of someone who wants to deploy a new option. If 80% of the firewalls allow the new option through, will this be good enough for deployment? Doubtful. What about 98% cooperation from firewalls? Again, quite possibly not.

Unless this document is widely implemented in practice, it's far from clear it is useful. We've seen time and time again that deploying something new is a non-starter if there are key parts of the infrastructure that don't support or allow it.

I remain skeptical that this draft solves a real problem in a meaningful way.

Thomas