> Worley, Dale R wrote:
> Someone says, Many deployed systems don't
> implement that mechanism correctly.

That's not what I said; the mechanism is deployed correctly, the problem is that there is another layer on top of it (in that case, the Windows Firewall, but it's not the only culprit) that prevents the otherwise working code from working correctly.

I forgot to mention it, but the #1 remedy to the problem was to disable the SP2 Windows Firewall. This problem has become highly visible because of the sheer number of Windows XP hosts out there. Even as of today, XP still ranks #1 in the deployed host platform. That being said, I have seen many firewall policies on the firewall side that blocked it too; the problem is not only a Microsoft one.

The mechanism (ICMP redirects) is technically fine and socially not. People have become paranoid and now they firewall everything. It is a behavioral animal. I'm not saying it's a good idea; the market answer to crossing firewalls is to encapsulate everything into HTTPS, which is probably worse. But then again, we have to deal with market pressure against technically sound solutions, and the market almost always wins.

> It seems that the answer is to fix the deployed
> systems, rather than designing a new mechanism.

It is not the deployed systems we have to fix. P.I.C.N.I.C.

Michel.

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf