Peter Arberg writes: > I agree it would be "more robust" following your suggestion, but this > was also discussed back in May-05, and it is a consious choice we made > and say Service Providers knows their network, and as such by disabling > this functionality by default, we are saying that PPP session setup > time is more important than a per session setup security check, BUT > at the same time we agree that a troubleshooting functionality is needed > in case end-to-end connectivity can not be established. I don't think it's a wise choice at all. For those who perform the check, the check can be done in parallel with everything else the link does (such as IPCP negotiation), so there's no reason to suppose that it will somehow affect session set-up time. Plus, in the case where the test succeeds, it's very quick -- no timeout required because the large size packet will get through and be echoed back. And more importantly, if there is a problem with the path, then the failure mode will be quite obscure, painful, and difficult for mere users to diagnose. So, I don't think it's a good choice to offer at all, but since this document seems to be reflecting some existing deployment practices or implementations rather than design, I suppose I'm not overly concerned if the advice has flaws. -- James Carlson, KISS Network <james.d.carlson@xxxxxxx> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf