Well, we haven't even figured out what the requirements are, so it's
fairly clear to me that implementations are premature at best.
There is a published test of middlebox transit issues that should inform
our progress, rather than anecdotal evidence of a limited deployment test.

Joe

On 12/3/2014 7:31 PM, Watson Ladd wrote:
> Dear all,
>
> One of the selling points of the TLS option was how easy it would be
> to implement: after all, we've already got TLS implementations and a
> few kernel-level changes to permit userspace to set the option is all
> that is required for an implementation. Yet I don't see an
> implementation, which would make Nico's and Joe's contentions about
> how to implement much clearer, along with other things.
>
> Without working implementations, ideally deployed across a wide number
> of networks, we can't actually determine all the terrible things that
> can go wrong, and what the impact is. So far only tcpcrypt has this
> data. I don't know that much about networking, so I'm sure there are
> disadvantages of tcpcrypt that I'm not spotting, but I'm virtually
> certain that we're better off testing middleboxes for compatibility
> than talking about what they will and won't do, and having that
> information inform an eventual decision about what to deploy.
>
> Sincerely,
> Watson Ladd
>
> ___
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc
>