However, this draft is specifically about firewall rules and the
firewall would have to do quite heavy work on the packet to implement
this sort of rule - not all firewalls are necessarily capable of this.
Note that the firewall need not keep per-connection state to perform
the checks I mentioned.
If the firewall can carry out the checks then they should apply to
error messages for any sort of transport and not just TCP.
Correct. But this ingress and egress filtering policy is not
TCP-specific, but general. Note that it does not require per-connection
state, and thus it does not require firewalls to be able to parse the
transport protocol headers.
Also if the embedded packet is encrypted, it would not be possible to
tell that it was specifically a TCP packet.
Well, you need not know it to filter it.
As regards referencing the draft, I did consider this: it would be
possible but it would be preferable if it was clear that it was going to
become an RFC.
As to whether it is clear it will become an RFC, I hope and think so.
However, I'm not sure this is relevant. If I submitted the draft
directly to the RFC Editor to publish it as Informational, the
processing backlog might be long enough to be certain.
I notice that the current version of the draft has expired...
No, current version is -05, and has been available since September 5th.
Are you making any moves to either have this adopted as a wg draft or
get it published as an individual submission RFC?
Yes, I will be presenting the draft at the next IETF, in the TCPM WG
meeting. Pekka Savola presented this draft at IETF 62, too.
And this draft has probably been the most discussed draft at the TCPM
WG mailing list since August 2004.
The draft has even received support from the IAB in their document
"Architectural Implications of Link Indications"
(draft-iab-link-indications-03). And is referenced in the current
ICMPv6 draft.
I would suggest you talk to either Margaret Wasserman (covering the
ipv6 group) or David Kessens (v6ops) to see if you can have it
published as an individual submission via AD since it is pretty much
complete and the IPv6 wg is currently winding down and maybe
reluctant to take on new work.
Thanks for your comments. We are still discussing the draft at the
TCPM WG, and I hope it becomes a WG item in the next IETF.
Not to mention that if your schedule allows, I'd appreciate it if you
could be present at that meeting. It would certainly help to move
things forward. We will also be discussing
draft-gont-tcpm-tcp-soft-errors-02.txt, which originated in this WG
(v6ops), and is still being argued against at the TCPM WG.
Kindest regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org