On Tue, Feb 14, 2023 at 04:22:48PM +1300, Marten Seemann wrote:

> It hides certain bits of the header, as well as the packet number,
> from an on-path observer. This is crucial to prevent middleboxes from
> being "helpful" and acting upon (observed) gaps in packet numbers. As
> such, it's hard to define what a reasonable tradeoff would be. Giving
> up on an anti-ossification measure always seems fine at first, until
> at some point it isn't any more.
If the proposed feature is negotiated via a default-off extension, and used
in high-speed internal datacentre networks, then its use is at the internal
discretion of the datacentre network designers. Presumably, in such networks
middleboxes of the sort you mention are a no-go just on performance grounds.

Yes, especially if not on by default, the feature is liable to run into
barriers on networks with random middlebox crud. Is that sufficient reason
to preclude well-motivated negotiated use elsewhere?

--
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
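As an added illustration, not part of either message above and not code from any QUIC implementation, here is the header-protection step the quoted paragraph refers to, written in Go against RFC 9001 section 5.4 and checked with the client Initial test vector from RFC 9001 Appendix A.2. The packet is constructed from that vector's 22-byte plaintext header plus the first 16 bytes of its ciphertext (the header-protection sample); the rest of the ciphertext is not needed to apply or remove protection and is omitted. The function names and the `demo` helper are this example's own.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// headerProtectionMask computes the 5-byte mask of RFC 9001 section 5.4.3
// for AES-based AEADs: the 16-byte sample of ciphertext is encrypted with
// AES-ECB under the header-protection key and the first 5 bytes are the mask.
func headerProtectionMask(hpKey, sample []byte) ([5]byte, error) {
	var mask [5]byte
	block, err := aes.NewCipher(hpKey)
	if err != nil {
		return mask, err
	}
	var out [16]byte
	block.Encrypt(out[:], sample)
	copy(mask[:], out[:5])
	return mask, nil
}

// xorHeaderProtection applies (protect=true) or removes (protect=false)
// header protection in place. pnOffset is the index of the first
// packet-number byte. When protecting, the packet-number length is read from
// the still-plaintext first byte; when removing, the first byte must be
// unmasked first, because the length bits are themselves hidden from an
// on-path observer.
func xorHeaderProtection(hpKey, pkt []byte, pnOffset int, protect bool) error {
	// RFC 9001 section 5.4.2: the sample always starts 4 bytes past pn_offset,
	// so it lies in the ciphertext for every packet-number length (1..4).
	sampleOffset := pnOffset + 4
	if sampleOffset+16 > len(pkt) {
		return fmt.Errorf("packet too short for header-protection sample")
	}
	mask, err := headerProtectionMask(hpKey, pkt[sampleOffset:sampleOffset+16])
	if err != nil {
		return err
	}
	firstByteMask := byte(0x1f) // short header: low 5 bits are protected
	if pkt[0]&0x80 == 0x80 {
		firstByteMask = 0x0f // long header: low 4 bits are protected
	}
	var pnLen int
	if protect {
		pnLen = int(pkt[0]&0x03) + 1
		pkt[0] ^= mask[0] & firstByteMask
	} else {
		pkt[0] ^= mask[0] & firstByteMask
		pnLen = int(pkt[0]&0x03) + 1
	}
	for i := 0; i < pnLen; i++ {
		pkt[pnOffset+i] ^= mask[1+i]
	}
	return nil
}

// Constructed input from the RFC 9001 Appendix A.2 client Initial vector:
// the 22-byte plaintext header, its header-protection key, the 16-byte
// sample, and the header as it appears on the wire after protection.
const (
	rfcHpKey     = "9f50449e04a0e810283a1e9933adedd2"
	rfcHeader    = "c300000001088394c8f03e5157080000449e00000002"
	rfcSample    = "d1b1c98dd7689fb8ec11d242b123dc9b"
	rfcProtected = "c000000001088394c8f03e5157080000449e7b9aec34"
	rfcPnOffset  = 18 // 1 + 4 version + 1+8 DCID + 1 SCID len + 1 token len + 2 length
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// demo protects the constructed packet and then removes protection again,
// returning the header as an on-path observer sees it and as the receiving
// endpoint recovers it.
func demo() (observed, recovered []byte, err error) {
	pkt := append(mustHex(rfcHeader), mustHex(rfcSample)...)
	key := mustHex(rfcHpKey)
	if err = xorHeaderProtection(key, pkt, rfcPnOffset, true); err != nil {
		return nil, nil, err
	}
	observed = append([]byte(nil), pkt[:rfcPnOffset+4]...)
	if err = xorHeaderProtection(key, pkt, rfcPnOffset, false); err != nil {
		return nil, nil, err
	}
	recovered = append([]byte(nil), pkt[:rfcPnOffset+4]...)
	return observed, recovered, nil
}

func main() {
	observed, recovered, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %x\n", observed)
	fmt.Printf("at endpoint: %x\n", recovered)
	fmt.Printf("observer sees pn bytes %x; real pn is %x\n",
		observed[rfcPnOffset:rfcPnOffset+4], recovered[rfcPnOffset:rfcPnOffset+4])
}
```

The point behind the quoted argument is visible in the output: the mask is derived from the packet's own ciphertext sample, so the packet-number field (and the length bits in the first byte) of consecutive packets look unrelated to each other on the wire, and a middlebox has nothing from which to infer a gap or a reordering. Only the endpoint holding the header-protection key recovers the real packet number.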