On Mon, Feb 26, 2018 at 12:21 AM, Joe Touch <[email protected]> wrote:
> > > On Feb 25, 2018, at 8:51 PM, Christopher Morrow <[email protected]> > wrote: > > I am very skeptical of the justification for performance enhancing >> proxies in section 2.2.4. It develops the idea that having a form of >> > > These are primarily 'satellite games' proxies.. that early-ack and such to > make the long satellite portion of the transport seem short(er). > They only REALLY need to see TCP headers, so ipsec is problematic, but not > (probably) tls. > > > Enabling TCP Hijacking should never be justification for “needing” to > avoid transport header privacy, IMO. > > Games or other apps that “need” such support ought to “need” to explicitly > permit it by peering their security with those proxies directly. > apologies: "games" in my reply could better be called: "shennanigans" ... not games like farmville, but messy things the satellite ( in the past anyway) providers would do to make tcp appear to perform better in their environment. Yes, people COULD ipsec around that problem. Yes, people COULD md5-tcp around that problem. (tcp-ao, ha!) generally none of that has happened though.
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
