Hi Ron,
At 16:55 13-10-2013, Ronald Bonica wrote:
> Are you suggesting that we don't address the problem because the
> code is too complex to touch?
It has been a known problem for at least seven years. Given that the
problem is labelled as a security issue there would have to be some
changes to the specification at some point. There were design
decisions to implement the specification and the code has been
deployed. The proposed outbound change is one sentence. The code
change to implement that one sentence requires reviewing some
implementation decisions (re. encapsulation, etc.). Please note that
I am not arguing for or against a change in the RFC 2119 key
words. The write-up only mentions that the draft has been
implemented on stateless firewalls. I am curious about whether there
are any implementations for a host.
Regards,
-sm