Dear all,

One of the selling points of the TLS option was how easy it would be to implement: after all, we've already got TLS implementations and a few kernel-level changes to permit userspace to set the option is all that is required for an implementation. Yet I don't see an implementation, which would make Nico's and Joe's contentions about how to implement much clearer, along with other things.

Without working implementations, ideally deployed across a wide number of networks, we can't actually determine all the terrible things that can go wrong, and what the impact is. So far only tcpcrypt has this data. I don't know that much about networking, so I'm sure there are disadvantages of tcpcrypt that I'm not spotting, but I'm virtually certain that we're better off testing middleboxes for compatibility than talking about what they will and won't do, and having that information inform an eventual decision about what to deploy.

Sincerely,
Watson Ladd
