Are we really prepared to say that there can be no new protocols at the
Internet or Transport layer, ever again? Not even new extensions?
I do not think most folks have that view.
But that is the corollary of the assumption that
a) things need to work through firewalls
b) that firewalls will and should block everything that they do not
understand.
There are contexts where such behavior is appropriate, and possibly even
necessary.
But if we take that as our design assumption, then we might as well stop
lots of work we are doing.
Yours,
Joel
On 1/5/2012 4:19 PM, Fernando Gont wrote:
On 01/05/2012 02:33 PM, Templin, Fred L wrote:
SEAL provides a new signalling mechanism called "SCMP"
which is intended to traverse firewalls that might block
ICMP messages. SCMP messages include a message signature
that the source node can use to determine whether the
packet-in-error corresponds to a packet the node actually
sent. Under what reasonable circumstances could even a
paranoid firewall block that?
"SEAL? We're not using it, so let's block it"
[Without knowing about SEAL or its packets' syntax]
Bottom-line is that unless your protocol cannot easily be
distinguished from some widely-deployed/widely-used protocol, it's
probably going to be blocked. That's why e.g. firewall-friendly
protocols tend to run over HTTP.
P.S.: I'm just the messenger...
Thanks,
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------