Hacker News
by zrm 856 days ago
Expecting all networks to do this is a pipe dream because there are too many of them and a large proportion are administered by people you might not have anything charitable to say about. And then you're stuck falling back to something ugly, like tunneling over HTTPS to a device that can map that port and using it as a relay.

But you could still use it wherever it's available. Mobile devices spend a significant proportion of the time on home WiFi networks.

And there are only three major US wireless carriers. That isn't a matter of convincing a million absentee corporate firewall administrators, it's a matter of convincing three specific entities, any one of which would be a major win.

I'm half tempted to start making "enterprise firewalls" (i.e. a thin wrapper around Linux netfilter running on commodity hardware) and then enable RFC6887 by default and put a warning in the documentation not to turn it off because forcing applications to tunnel traffic over outgoing HTTPS can impair the functionality of intrusion detection systems and remove valuable information from audit logs.
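For anyone wondering what "enable RFC6887 by default" means on the wire, here is an added example (not zrm's code, and not from any firewall product) of the PCP MAP exchange: the client encodes a request, a toy server standing in for the firewall applies the checks RFC 6887 requires before opening a mapping, and the client validates the response. Everything runs in-process with no sockets; a real server would listen on UDP 5351. The addresses are RFC 5737 documentation addresses chosen for illustration, and the server's "honour the suggested port, else mirror the internal port" policy is an assumption of the example, not something the RFC mandates.

```python
"""Toy RFC 6887 (PCP) MAP exchange: request encoding, a minimal server-side
handler of the kind a PCP-enabled firewall would run, and client-side response
validation.  Added example; addresses are RFC 5737 documentation addresses."""
import ipaddress
import os
import struct

PCP_VERSION = 2
OPCODE_MAP = 1
PCP_PORT = 5351             # UDP port PCP servers listen on (not used offline)
HDR_FMT = "!BBHI16s"        # request hdr: version, R|opcode, reserved, lifetime, client IP
RSP_HDR_FMT = "!BBBBII12x"  # response hdr: version, R|opcode, reserved, result, lifetime, epoch
MAP_FMT = "!12sB3xHH16s"    # MAP payload: nonce, protocol, reserved, int port, ext port, ext IP
RESULT = {0: "SUCCESS", 1: "UNSUPP_VERSION", 3: "MALFORMED_REQUEST",
          4: "UNSUPP_OPCODE", 9: "UNSUPP_PROTOCOL", 12: "ADDRESS_MISMATCH"}


def v6_bytes(addr):
    """PCP carries every address as 16 bytes; IPv4 goes as ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip.packed


def v6_str(raw):
    ip = ipaddress.IPv6Address(raw)
    return str(ip.ipv4_mapped or ip)


def build_map_request(client_ip, internal_port, protocol=6, lifetime=3600,
                      nonce=None, suggested_port=0, suggested_ip="::"):
    """Encode a 60-byte PCP MAP request.  The random nonce is what later lets
    the client tie a response back to this request."""
    nonce = nonce or os.urandom(12)
    hdr = struct.pack(HDR_FMT, PCP_VERSION, OPCODE_MAP, 0, lifetime, v6_bytes(client_ip))
    body = struct.pack(MAP_FMT, nonce, protocol, internal_port, suggested_port,
                       v6_bytes(suggested_ip))
    return hdr + body, nonce


def handle_map_request(data, source_ip, external_ip="198.51.100.1", epoch=1000):
    """Toy PCP server (the firewall side).  Checks version, opcode, protocol and,
    the security-relevant one, that the client address inside the request equals
    the packet's source address: ADDRESS_MISMATCH is what stops one host from
    opening ports on behalf of another."""
    if len(data) < struct.calcsize(HDR_FMT) + struct.calcsize(MAP_FMT):
        return struct.pack(RSP_HDR_FMT, PCP_VERSION, 0x80 | OPCODE_MAP, 0, 3, 0, epoch) + bytes(36)
    version, r_op, _, lifetime, client_raw = struct.unpack(HDR_FMT, data[:24])
    nonce, proto, int_port, sugg_port, _ = struct.unpack(MAP_FMT, data[24:60])
    if version != PCP_VERSION:
        result = 1
    elif r_op != OPCODE_MAP:          # R bit set, or an opcode this toy does not serve
        result = 4
    elif v6_str(client_raw) != str(ipaddress.ip_address(source_ip)):
        result = 12
    elif proto not in (6, 17):
        result = 9
    else:
        result = 0
    if result != 0:
        # Error responses echo the opcode-specific payload of the request.
        return struct.pack(RSP_HDR_FMT, PCP_VERSION, 0x80 | OPCODE_MAP, 0, result, 0, epoch) + data[24:60]
    ext_port = sugg_port or int_port  # assumed toy policy: honour the suggestion, else mirror
    body = struct.pack(MAP_FMT, nonce, proto, int_port, ext_port, v6_bytes(external_ip))
    return struct.pack(RSP_HDR_FMT, PCP_VERSION, 0x80 | OPCODE_MAP, 0, 0, lifetime, epoch) + body


def parse_map_response(data, expected_nonce):
    """Client-side validation.  A response whose nonce differs from the one we
    sent is not ours (spoofed or stale) and must be ignored."""
    if len(data) < 60:
        raise ValueError("short PCP response")
    version, r_op, _, result, lifetime, epoch = struct.unpack(RSP_HDR_FMT, data[:24])
    if version != PCP_VERSION or r_op != (0x80 | OPCODE_MAP):
        raise ValueError("not a PCP v2 MAP response")
    nonce, proto, int_port, ext_port, ext_raw = struct.unpack(MAP_FMT, data[24:60])
    if nonce != expected_nonce:
        raise ValueError("nonce mismatch: response is not for our request")
    return {"result": RESULT.get(result, result), "lifetime": lifetime, "epoch": epoch,
            "protocol": proto, "internal_port": int_port,
            "external_port": ext_port, "external_ip": v6_str(ext_raw)}


def demo():
    """Three cases, no network: honest client, a client lying about its own
    address, and a forged response carrying the wrong nonce."""
    req, nonce = build_map_request("192.0.2.10", 22000, suggested_port=40000)
    ok = parse_map_response(handle_map_request(req, "192.0.2.10"), nonce)
    spoofed = parse_map_response(handle_map_request(req, "192.0.2.99"), nonce)
    try:
        parse_map_response(handle_map_request(req, "192.0.2.10"), os.urandom(12))
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return ok, spoofed, forged_rejected


if __name__ == "__main__":
    print(demo())
```

The point of the two error paths is the audit angle in the comment above: a PCP mapping is an explicit, attributable event (client address, protocol, port, lifetime, nonce) that a firewall can log and a detection system can reason about, which is exactly what is lost when the application gives up and tunnels over outbound HTTPS instead.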