> From: Paul Vixie <[email protected]>

> also, in TCPCT there's room for a payload in the SYN.

In theory there was also room for a payload in the TCP SYN before
popular defenses against syn-flooding.

> in practice this means a normal three way handshake for the first
> connection between an endpoint-pair, but there's a single round trip on
> any subsequent connection between that endpoint-pair, involving one
> packet to send the request, and one or more packets to send the response.
> level -- i think tcp/80 could benefit from zero state cost in
> responders, and single round trip for request plus multipacket response,
> <http://static.usenix.org/publications/login/2009-12/openpdfs/metzger.pdf>.
> argue for TCPCT i'm arguing for it on the general principle that we'd
> like a responder to have proof of requester identity before sending a
> multipacket response. we would not use these powers to make OR ubiquitous.

That bit about multi-packet responses is critical. Replacing 2 DNS/UDP
packets with 9 DNS/TCP or 9 DNS/TCPCT for an isolated request is
unprofitable. However, if the DNS response is not a single <=512 byte
UDP packet but a train of DNS/UDP/IP fragments carrying 2 or 3 KBytes, ...

Vernon Schryver [email protected]
