On Jul 28, 2014, at 5:28 PM, Watson Ladd <[email protected]> wrote:
> > On Jul 28, 2014 7:18 AM, "Eggert, Lars" <[email protected]> wrote: > > > > On 2014-7-28, at 16:00, Erik Nygren <[email protected]> wrote: > > > I do wonder if protecting RSTs and thus other parts of the header as well > > > is more tractable with both endpoints using IPv6 (where NAT66 is strongly > > > discouraged and privacy addressing may help some with the reboot case > > > depending how how clients handle rotating priv addrs across reboots) ? > > > > Maybe. With privacy addressing, if one side reboots, it can't send a > > protected RST anymore anyway (because it will generate a different source > > address, which the other side won't accept an RST from). > > Back up a sec. If I get a RST and ignore it, then the connection times out as > there is no ACK. Am I missing something here? > Only that the connection can take a long time to time out. Measured in minutes. Applications such as browsers, telnet/ssh/ftp clients, even mail clients give the user a good indication that something is wrong when the connection is cut. Waiting for a timeout the user is left watching spinning beachballs / spinning semi-circles / blinking cursors etc. Yoav
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
