Don't worry if the ISOC website times out, their firewall isn't TCP
ECN compatible. It was going to be fixed a couple of years ago when I
enquired about it, but obviously hasn't been. Being liberal in what
they'll accept seems to be a bit of a problem for them.
It's the last remaining non-ECN compatible website that I've tried to
access over the last couple of years. The others I'd had trouble with
have all become ECN friendly.
> Don't worry if the ISOC website times out, their firewall isn't TCP
> ECN compatible.
Isn't it the case in the real world that the Internet isn't TCP ECN
compatible?
In my experience no. The Linux kernel defaults to ECN enabled (although
I think distros switch it off), and I've been running my PC ECN enabled
for at least the last 5 to 7 years. The number of websites that I've
had trouble with in that time was such a low number (3), that I
remember what they are. The other two, other than the ISOC website,
have been fixed within the last 3 years.
That's not really an excuse anyway. The ECN bit originally was
reserved, so things that don't understand it should be ignoring it, not
making sure it's set to zero. I understand that's the fundamentals of
the robustness principle. If people claim doing that is insecure,
how are there so many firewalls out there that don't have / aren't
causing this problem?
I thought people had relegated that to the "nice idea but, in
practice, waste of time" bucket years ago.
Not exactly sure of it's exact status, however every now and then I
come across things relating to it e.g. I think I recently came across
proposed ECN additions to MPLS, so it still seems relevant.