On Jan 5, 2012, at 10:31 PM, Fernando Gont wrote:

> On 01/05/2012 11:08 PM, Joel M. Halpern wrote:
>> Are we really prepared to say that there can be no new protocols at the
>> Internet or Transport layer, ever again? Not even new extensions?
>
> I'm personally ready to admit that new transport protocols and new IPv4
> options are hard to deploy.
>
>
>> I do not think most folks have that view.
>> But that is the corollary of the assumption that
>> a) things need to work through firewalls
>
> I don't have such an assumption. Actually, I'm rather in the camp of what
> somebody wrote years ago "firewall-friendly protocols are really
> 'firewall-unfriendly', because they are designed to circumvent the
> policies specified by the firewall administrators".
>
> So I don't think that one should necessarily design protocols to work
> through firewalls. But at the same time one shouldn't be surprised if
> they don't.
>
>
>> b) that firewalls will and should block everything that they do not
>> understand.
>
> Well, firewalls generally enforce policies, and they generally try to
> allow the "good" stuff in, while keeping the "bad" stuff out, with the
> assumption that "good" is only that stuff that "I know and I need".
>
> When one wears the protocol-development hat, that's frustrating and
> ugly. When one wears the "security" hat, that's the obvious way to avoid
> trouble for stuff that you don't really need.
>
> As usual, it's also clear that taking things to the extreme is usually
> not a good idea.

I have to say, I'm certainly not as defeatist as Joel sounds, but I do hear his concern. I do firmly believe we can't solve everyone's broken network issues or keep them from doing something wrong.

- Jared

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
