On 01/05/2012 11:08 PM, Joel M. Halpern wrote:
> Are we really prepared to say that there can be no new protocols at the
> Internet or Transport layer, ever again? Not even new extensions?

I'm personally ready to admit that new transport protocols and new IPv4 options are hard to deploy.

> I do not think most folks have that view.
> But that is the corollary of the assumption that
> a) things need to work through firewalls

I don't have such an assumption. Actually, I'm rather in the camp of what somebody wrote years ago: "firewall-friendly protocols are really 'firewall-unfriendly', because they are designed to circumvent the policies specified by the firewall administrators".

So I don't think that one should necessarily design protocols to work through firewalls. But at the same time one shouldn't be surprised if they don't.

> b) that firewalls will and should block everything that they do not
> understand.

Well, firewalls generally enforce policies, and they generally try to allow the "good" stuff in, while keeping the "bad" stuff out, with the assumption that "good" is only that stuff that "I know and I need".

When one wears the protocol-development hat, that's frustrating and ugly. When one wears the "security" hat, that's the obvious way to avoid trouble for stuff that you don't really need.

As usual, it's also clear that taking things to the extreme is usually not a good idea.

Thanks,
--
Fernando Gont
e-mail: [email protected] || [email protected]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
