On 29 July 2014 10:09, Ted Hardie <[email protected]> wrote:
> Not to cross the streams or anything, but I'm wondering why an API
> requirement to protect the headers couldn't be inserted here. Obviously
> there are costs in latency in some of the RST cases described, but if it is
> an available knob, presumably it could get set when it is important to an
> application and left unset when not.

Probably. In this case, the knob might govern the reaction to an unprotected RST, rather than whether it is protected. You could protect RST always and then ignore an authentication failure in some circumstances too (say, on an idle connection).

The trick will likely be working out what the right knobs are. Or, if we subscribe to the "no API == success" school, that means some other difficult decisions, like whether we want to define what "idle" means.

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
