On 2/10/2022 12:34 PM, James Cloos wrote:
> "CH" == Christian Huitema <[email protected]> writes:
>
> CH> and you get 40% of names served by a small number of servers. For that set,
> CH> I would expect that the typical DoQ query will be a session resumption.
>
> does quic session resumption correctly work in the face of any-cast servers?
> IU that tls s-r often fails in such cases, yes?

It depends. If anycast routing points back to the same server, life is
good. If it goes to a different location, that depends on the
deployment, and the way the server farms manage their session tickets.
There is also a QUIC option for quickly migrating a connection from
anycast to unicast, the "preferred address" parameter. If the server
uses that option, the client migrates to the preferred address as soon
as the handshake completes, keeping the same encryption context, etc.
The goal was to make sure that long QUIC connections remain stable, even
if anycast routing changes. I imagine that if a client receives session
tickets and new tokens from the preferred address, it could attempt
session resumption directly at that address. We may want to clarify that
in the QUIC WG.
-- Christian Huitema
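
Added example, not part of the original message: a Python decoder for the value of the preferred_address transport parameter (layout from RFC 9000, section 18.2), plus a helper that picks the address a client would store with tickets and tokens received after migrating, as the message suggests. The names parse_preferred_address, resumption_target and have_ipv6, and the sample bytes, are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

Addr = Tuple[str, int]
FIXED = 4 + 2 + 16 + 2 + 1  # IPv4 addr, port, IPv6 addr, port, CID length


@dataclass
class PreferredAddress:
    ipv4: Optional[Addr]           # None when the server sent all zeros
    ipv6: Optional[Addr]
    connection_id: bytes           # alternative CID, sequence number 1
    stateless_reset_token: bytes   # 16 bytes, bound to connection_id


def parse_preferred_address(value: bytes) -> PreferredAddress:
    """Decode the value of transport parameter 0x0d (preferred_address)."""
    if len(value) < FIXED:
        raise ValueError("truncated preferred_address")
    v4, p4, v6, p6, cid_len = struct.unpack_from("!4sH16sHB", value)
    # A zero-length CID here is a TRANSPORT_PARAMETER_ERROR; 20 is the maximum.
    if not 1 <= cid_len <= 20:
        raise ValueError("invalid connection ID length")
    if len(value) != FIXED + cid_len + 16:
        raise ValueError("bad preferred_address length")
    cid = value[FIXED:FIXED + cid_len]
    token = value[FIXED + cid_len:]
    # An all-zero address and port means "no address of this family".
    ipv4 = (str(ipaddress.IPv4Address(v4)), p4) if any(v4) else None
    ipv6 = (str(ipaddress.IPv6Address(v6)), p6) if any(v6) else None
    return PreferredAddress(ipv4, ipv6, cid, token)


def resumption_target(anycast: Addr, pa: Optional[PreferredAddress],
                      have_ipv6: bool) -> Addr:
    """Address to remember with tickets/tokens (assumed client policy)."""
    if pa is None:                 # server did not offer a unicast address
        return anycast
    if have_ipv6 and pa.ipv6:      # dual-stack client prefers IPv6 if offered
        return pa.ipv6
    return pa.ipv4 or anycast


# Constructed sample value: documentation address, made-up CID and token.
SAMPLE = (ipaddress.IPv4Address("192.0.2.53").packed + struct.pack("!H", 853)
          + bytes(16) + struct.pack("!H", 0)
          + bytes([4]) + bytes.fromhex("0a0b0c0d") + bytes(range(16)))
```

A client that falls back to the anycast address when resumption at the stored unicast address fails keeps working if that server instance has gone away.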