On Wed, Sep 05, 2001 at 06:30:27PM -0700, Neil T. Spring wrote:
> My point is: the maintainers have spoken. If we're going
> to make progress in helping users behind broken equipment,
> we're going to have to find another way that doesn't offend
> Herbert, Craig, and Anthony's sense of idealism.
I'm not sure what you mean by "idealism" but surely it's obvious the
solution that's closest to ideal for the most users should be chosen as
the default. We've currently had what options?
1) Disable ECN in the kernel, and let people who want it recompile
the kernel by hand. Pros: doesn't hurt anyone, follows the upstream
kernel defaults. Cons: makes it hard for people to enable, which
in the long term damages the Internet's resiliance to DoS attacks.
2) Leave ECN in the kernel, but disable it externally by default. Pros:
doesn't hurt anyone, makes it easy to change. Cons: requires kludging
around in other packages (boot-floppies and procps/netbase)
3) Leave ECN in the kernel, enabled by default. Pros: easy to setup, easy
to change after the fact. Cons: neophytes can easily be confused when
random sites start not working unpredictably from Debian machines
but work fine elsewhere.
Another option, which would require a minor patch to the kernel, would be
to have ECN default to disabled even when compiled into the kernel (and
thus require an explit 'echo 1 >/proc/sys/net/ipv4/tcp_ecn' to enable).
This'd be analagous to the current behaviour with IP forwarding.
There might be other options too.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``_Any_ increase in interface difficulty, in exchange for a benefit you
do not understand, cannot perceive, or don't care about, is too much.''
-- John S. Novak, III (The Humblest Man on the Net)
Attachment:
pgpetYKN5nuYd.pgp
Description: PGP signature