Re: hotmail not dealing with ECN

From: Brian May (
Date: Fri Jan 26 2001 - 23:59:25 EST

>>>>> "David" == David Wagner <> writes:

    David> Practice being really, really paranoid. Think: You're
    David> designing a firewall; you've got some reserved bits,
    David> currently unused; any future code that uses them could
    David> behave in completely arbitrary and insecure ways, for all
    David> you know. Now recall that anything not known to be safe
    David> should be denied (in a good firewall) -- see Cheswick and
    David> Bellovin for why. When you take this point of view, it is
    David> completely understandable why firewalls designed before ECN
    David> was introduced might block it.

In which case, people who use these firewall products need to realize
that future developments may break these assumptions, and that the
firewall software needs to be updated/reconfigured as a result.

Brian May <>
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jan 31 2001 - 21:00:26 EST