On Tue, Feb 14, 2023 at 04:22:48PM +1300, Marten Seemann wrote:

> It hides certain bits of the header, as well as the packet number,
> from an on-path observer. This is crucial to prevent middleboxes from
> being "helpful" and acting upon (observed) gaps in packet numbers.  As
> such, it's hard to define what a reasonable tradeoff would be. Giving
> up on an anti-ossification measure always seems fine at first, until
> at some point it isn't any more.

If the proposed feature is negotiated via a default-off extension, and
used in high-speed internal datacentre networks, then its use is at the
internal discretion of the datacentre network designers.  Presumably, in
such networks middleboxes of the sort you mention are a no-go just on
performance grounds.

Yes, especially if not on by default, the feature is liable to run into
barriers on networks with random middlebox crud.  Is that sufficient reason
to preclude well-motivated negotiated use elsewhere?

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
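The header protection Marten describes above, as an added example that is not code from this thread or from any QUIC implementation: it follows RFC 9001 §5.4 for an AES-based suite (mask = AES-ECB(hp_key, sample)[0:5], sampled 4 bytes past the start of the Packet Number field), masks the low 4 bits of a long-header first byte or the low 5 bits of a short-header first byte plus the packet number bytes, and then removes the mask as a receiver would. The two packets and the all-zero hp key are constructed for the example; the caller is assumed to already know pnOffset from parsing the header. What the "on-path" line prints is all an observer without the hp key sees, which is why gaps in packet numbers are not visible to middleboxes.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// headerMask derives the 5-byte header-protection mask for an AES-based
// cipher suite (RFC 9001 §5.4.3): mask = AES-ECB(hp_key, sample)[0:5].
// hpKey is the "quic hp" key, 16 bytes for AES-128.
func headerMask(hpKey, sample []byte) ([]byte, error) {
	if len(sample) != aes.BlockSize {
		return nil, errors.New("sample must be exactly one AES block")
	}
	block, err := aes.NewCipher(hpKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, sample)
	return out[:5], nil
}

// firstByteMaskBits reports which bits of the first byte are protected: the
// low 4 bits of a long header (reserved bits + pn length) or the low 5 bits
// of a short header (reserved bits + key phase + pn length). The form bit
// (0x80) and fixed bit (0x40) are never masked, so this is safe to call on
// either a protected or an unprotected first byte.
func firstByteMaskBits(first byte) byte {
	if first&0x80 == 0x80 {
		return 0x0f
	}
	return 0x1f
}

// sampleFor returns the 16 ciphertext bytes used to derive the mask. The
// sample always starts 4 bytes after the Packet Number field begins, so the
// receiver can locate it before it knows the packet number length.
func sampleFor(pkt []byte, pnOffset int) ([]byte, error) {
	start := pnOffset + 4
	if pnOffset < 1 || start+aes.BlockSize > len(pkt) {
		return nil, errors.New("packet too short to sample for header protection")
	}
	return pkt[start : start+aes.BlockSize], nil
}

// ProtectHeader applies header protection in place. The sender reads the
// packet number length from the first byte before masking it.
func ProtectHeader(pkt []byte, pnOffset int, hpKey []byte) error {
	sample, err := sampleFor(pkt, pnOffset)
	if err != nil {
		return err
	}
	mask, err := headerMask(hpKey, sample)
	if err != nil {
		return err
	}
	pnLen := int(pkt[0]&0x03) + 1 // valid only while the first byte is unmasked
	pkt[0] ^= mask[0] & firstByteMaskBits(pkt[0])
	for i := 0; i < pnLen; i++ {
		pkt[pnOffset+i] ^= mask[1+i]
	}
	return nil
}

// UnprotectHeader removes header protection in place. The receiver must
// unmask the first byte before the packet number length can be read.
func UnprotectHeader(pkt []byte, pnOffset int, hpKey []byte) error {
	sample, err := sampleFor(pkt, pnOffset)
	if err != nil {
		return err
	}
	mask, err := headerMask(hpKey, sample)
	if err != nil {
		return err
	}
	pkt[0] ^= mask[0] & firstByteMaskBits(pkt[0])
	pnLen := int(pkt[0]&0x03) + 1 // valid only now that the first byte is unmasked
	for i := 0; i < pnLen; i++ {
		pkt[pnOffset+i] ^= mask[1+i]
	}
	return nil
}

// ConstructedLongHeader builds a minimal Initial-style packet (constructed for
// this example, not a capture): flags 0xc3 (long header, Initial, 4-byte PN),
// version 1, empty DCID/SCID, no token, Length 20, packet number 1, then 16
// zero bytes standing in for the ciphertext that gets sampled. Returns the
// packet and the offset of the Packet Number field.
func ConstructedLongHeader() ([]byte, int) {
	pkt := []byte{
		0xc3,                   // flags: form=1, fixed=1, type=Initial, pn length 4
		0x00, 0x00, 0x00, 0x01, // version 1
		0x00,                   // DCID length 0
		0x00,                   // SCID length 0
		0x00,                   // token length 0
		0x14,                   // Length = 20 (4 PN bytes + 16 payload bytes)
		0x00, 0x00, 0x00, 0x01, // packet number 1
	}
	return append(pkt, make([]byte, 16)...), 9
}

// ConstructedShortHeader builds a minimal 1-RTT packet (constructed): flags
// 0x43 (fixed bit, key phase 0, 4-byte PN), an 8-byte DCID, packet number 1,
// then 16 zero placeholder ciphertext bytes.
func ConstructedShortHeader() ([]byte, int) {
	pkt := []byte{0x43, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x01}
	return append(pkt, make([]byte, 16)...), 9
}

func main() {
	hpKey := make([]byte, 16) // all-zero AES-128 hp key, constructed for the example
	for _, build := range []func() ([]byte, int){ConstructedLongHeader, ConstructedShortHeader} {
		pkt, pnOff := build()
		show := func(who string) {
			fmt.Printf("%-8s first=%02x pn=%s\n", who, pkt[0], hex.EncodeToString(pkt[pnOff:pnOff+4]))
		}
		show("sender")
		if err := ProtectHeader(pkt, pnOff, hpKey); err != nil {
			panic(err)
		}
		show("on-path") // what a middlebox without hp_key can see on the wire
		if err := UnprotectHeader(pkt, pnOff, hpKey); err != nil {
			panic(err)
		}
		show("receiver")
		fmt.Println()
	}
}
```

Because the sample is taken from the packet's own ciphertext, the mask (and so the bytes an observer sees in the packet-number position) changes from packet to packet even with a fixed key, and the length check in sampleFor is what keeps a truncated packet from being read out of bounds.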
