> ...but still don't put off people turning on TCP keepalives "because
> the IETF doesn't recommend that", and thus they do nothing at all and
> the problem just persists.

No disagreement with what you and others have written, but note that the proposed statement only recommends not using TCP keepalives in the presence of a crypto layer on top of the TCP-layer. Perhaps the statement could be refined, something along the lines of, in cases when there is a crypto layer, to recommend not using, or at least relying on, TCP keepalives, *unless* higher-level keepalives have stopped working. To be clear, the statement as written, though not stated explicitly, recommends TCP keepalives, in cases where they make sense.

Kent
