On 30/Aug/11 04:50, Michel Py wrote: > > The mechanism (ICMP redirects) is technically fine and socially not. > People have become paranoid and now they firewall everything. It is a > behavioral animal. I'm not saying it's a good idea; the market answer to > crossing firewalls is to encapsulate everything into HTTPS, which is > probably worse. But then again, we have to deal with market pressure > against technically sound solutions, and the market almost always wins. That brings us back to the problem that "free routing" is apparently insecure. OTOH, there are large expectations from RIRs and network providers, about security and policy routing, especially on port 25. On closer inspection, though, those chaps don't seem to be eager to play net-cops. Should we go for secure routing, now that we have secure DNS? _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf