On 01/05/2012 02:33 PM, Templin, Fred L wrote: > SEAL provides a new signalling mechanism called "SCMP" > which is intended to traverse firewalls that might block > ICMP messages. SCMP messages include a message signature > that the source node can use to determine whether the > packet-in-error corresponds to a packet the node actually > sent. Under what reasonable circumstances could even a > paranoid firewall block that?
"SEAL? We're not using it, so let's block it" [Without knowing about SEAL or its packets' syntax] Bottom-line is that unless you're protocol cannot easily be distinguished from some widely-deployed/widely-used protocol, it's probably going to be blocked. That's why e.g. firewall-friendly protocols tend to run over HTTP. P.S.: I'm just the messenger... Thanks, -- Fernando Gont SI6 Networks e-mail: fg...@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------