Re: hotmail not dealing with ECN

Brian May (bam@snoopy.apana.org.au)
27 Jan 2001 15:59:25 +1100


>>>>> "David" == David Wagner <daw@mozart.cs.berkeley.edu> writes:

David> Practice being really, really paranoid. Think: You're
David> designing a firewall; you've got some reserved bits,
David> currently unused; any future code that uses them could
David> behave in completely arbitrary and insecure ways, for all
David> you know. Now recall that anything not known to be safe
David> should be denied (in a good firewall) -- see Cheswick and
David> Bellovin for why. When you take this point of view, it is
David> completely understandable why firewalls designed before ECN
David> was introduced might block it.

In which case, people who use these firewall products need to realize
that future developments may break these assumptions, and that the
firewall software needs to be updated/reconfigured as a result.

-- 
Brian May <bam@snoopy.apana.org.au>
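
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any firewall product: a filter that fails closed on reserved TCP header bits, once with the RFC 793 layout (six reserved bits) and once with the RFC 3168 layout, where two of those bits became ECE and CWR. The function names, ports and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits in header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ECE, CWR = 0x40, 0x80  # reserved in RFC 793, assigned to ECN by RFC 3168

# Masks over the 16-bit word at header offset 12
# (4-bit data offset, then reserved bits, then flags).
RESERVED_RFC793 = 0x0FC0   # six reserved bits (pre-ECN view)
RESERVED_RFC3168 = 0x0F00  # four reserved bits (ECE/CWR now defined)


def build_tcp_header(flags, reserved_low=0):
    """Build a constructed 20-byte TCP header (sample data, not a capture)."""
    offset_reserved = (5 << 4) | (reserved_low & 0x0F)
    return struct.pack("!HHIIBBHHH", 40000, 25, 1, 0,
                       offset_reserved, flags, 65535, 0, 0)


def verdict(header, ecn_aware):
    """Fail-closed check: drop if any bit the policy considers reserved is set."""
    if len(header) < 20:
        return "DROP"  # truncated header, nothing safe to conclude
    word = struct.unpack_from("!H", header, 12)[0]
    mask = RESERVED_RFC3168 if ecn_aware else RESERVED_RFC793
    return "DROP" if word & mask else "ACCEPT"


def compare_policies():
    """Run both policies over three constructed SYN packets."""
    samples = {
        "plain SYN": build_tcp_header(SYN),
        "ECN-setup SYN": build_tcp_header(SYN | ECE | CWR),
        "SYN with still-reserved bit": build_tcp_header(SYN, reserved_low=0x4),
    }
    return {name: (verdict(h, ecn_aware=False), verdict(h, ecn_aware=True))
            for name, h in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare_policies().items():
        print(f"{name:30s} pre-ECN: {old:6s} ECN-aware: {new}")
```

Updating the mask keeps the deny-by-default behaviour for the bits that are still unassigned while letting ECN-setup SYNs through.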