>>>>> "David" == David Wagner <[EMAIL PROTECTED]> writes:

    David> Practice being really, really paranoid.  Think: You're
    David> designing a firewall; you've got some reserved bits,
    David> currently unused; any future code that uses them could
    David> behave in completely arbitrary and insecure ways, for all
    David> you know.  Now recall that anything not known to be safe
    David> should be denied (in a good firewall) -- see Cheswick and
    David> Bellovin for why.  When you take this point of view, it is
    David> completely understandable why firewalls designed before ECN
    David> was introduced might block it.

In which case, people who use these firewall products need to realize
that future developments may break these assumptions, and that the
firewall software needs to be updated/reconfigured as a result.
-- 
Brian May <[EMAIL PROTECTED]>
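
Added example, not part of either message above: a deny-by-default check on the six TCP header bits that RFC 793 left reserved, run with a pre-ECN allow mask and with one updated for the CWR and ECE flags that RFC 3168 later assigned. The function names, mask names and sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DROP = 0, ACCEPT = 1 };

/* RFC 793 left six bits reserved: the low nibble of header byte 12 and the
 * top two bits of byte 13. RFC 3168 (ECN) later assigned the latter two:
 * CWR (0x80) and ECE (0x40). The masks below are over that 6-bit field. */
#define KNOWN_PRE_ECN 0x00u /* filter written before ECN: nothing known safe */
#define KNOWN_ECN     0x03u /* updated filter: CWR and ECE are understood */

/* Return the six originally reserved bits as one value (CWR=0x02, ECE=0x01). */
static unsigned reserved_bits(const uint8_t *tcp)
{
    return ((unsigned)(tcp[12] & 0x0f) << 2) | (unsigned)(tcp[13] >> 6);
}

/* Default deny: drop when any bit outside the known-safe mask is set. */
static enum verdict filter_reserved(const uint8_t *tcp, size_t len, unsigned known)
{
    if (len < 20)               /* shorter than a minimal TCP header */
        return DROP;
    return (reserved_bits(tcp) & ~known) ? DROP : ACCEPT;
}

/* Build a constructed 20-byte header with only bytes 12 and 13 set. */
static void make_hdr(uint8_t hdr[20], uint8_t byte12, uint8_t byte13)
{
    memset(hdr, 0, 20);
    hdr[12] = byte12;           /* data offset (high nibble) + reserved */
    hdr[13] = byte13;           /* CWR ECE URG ACK PSH RST SYN FIN */
}

int main(void)
{
    uint8_t syn[20], ecn_syn[20], odd[20];
    make_hdr(syn, 0x50, 0x02);      /* plain SYN */
    make_hdr(ecn_syn, 0x50, 0xC2);  /* ECN-setup SYN: SYN|ECE|CWR */
    make_hdr(odd, 0x54, 0x02);      /* SYN with a still-reserved bit set */
    printf("plain SYN:     pre-ECN=%d updated=%d\n",
           filter_reserved(syn, 20, KNOWN_PRE_ECN), filter_reserved(syn, 20, KNOWN_ECN));
    printf("ECN-setup SYN: pre-ECN=%d updated=%d\n",
           filter_reserved(ecn_syn, 20, KNOWN_PRE_ECN), filter_reserved(ecn_syn, 20, KNOWN_ECN));
    printf("reserved bit:  pre-ECN=%d updated=%d\n",
           filter_reserved(odd, 20, KNOWN_PRE_ECN), filter_reserved(odd, 20, KNOWN_ECN));
    return 0;
}
```

Only the allow mask changes between the two runs; the deny-by-default rule still drops the header whose remaining reserved bit is set.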