On Wed, Nov 19, 2014 at 5:33 PM, Mankin, Allison <[email protected]> wrote:
>
> We quantified this in measurement/modeling studies joint with USC/ISI - TCP 
> connections from stub to recursive need to be held open only on the order of 
> 20 seconds at a time in order to have high reuse rates.  One of the 
> measurement sets we used in the study is the DITL set from Level3’s big 
> public DNS server, and these numbers held up.  And TCP TFO (almost RFC) and 
> TLS Resume add to the optimizations beyond that.  Phillip, what you wrote is 
> extremely oversimplified.

Can you explain what you think I oversimplified in a simple manner?

I think that you are making things needlessly complex. If you want to
match the traditional DNS latency of one UDP round trip then use a
protocol that uses one UDP round trip.

What interests the browser folk is how much time it takes to download
a page and they split that into the original HTML and the attachments.
Today pages typically contain lots of iFrame elements and CDN hosted
content and so it isn't surprising that DNS lookups tend to be
batched. But you will still incur the cost of the TCP open on the
first lookup.

Sure we can do performance tests, but let's ask the browser folk to set
the criteria.


There is nothing particularly great about TLS framing. And in fact you
have to set a flag to do encryption and authentication in the right
order. Framing is easy, it's key exchange that is the hard part.

Rather than trying to work in a straitjacket with the key exchange
welded to one framing, separate the two and allow folk to choose
framing that fits their task. TCP Fast Open looks like a great idea.
But are you seriously suggesting that you can rely on a proposal that
is not an RFC yet to score a performance tradeoff?

The vast majority of platforms in use today are Windows and OSX.
Neither supports TFO right now as far as I can find out from the
Google.


> In addition, I think we're unwise to be debating between mechanisms anyway. 
> Different providers and different end-sites will have different deployment 
> and operational circumstances.  A small selection of tools with diverse 
> deployment and operations characteristics are likely to all be used.

Have you looked at SXS-Connect?

It is designed to enable exactly that type of service agility.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
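As an added illustration that is not part of the thread, a small Python model of the idle-timeout question raised above: replay a constructed stub-to-recursive query trace and count, for a given idle timeout, how many lookups pay a fresh handshake versus ride an open connection. The trace, timeout values and per-handshake RTT count are assumptions chosen for the example, not measurements.

```python
"""Idle-timeout connection reuse model for stub-to-recursive DNS over TCP/TLS."""
from typing import Iterable, List, Tuple


def simulate_reuse(query_times: Iterable[float], idle_timeout: float) -> Tuple[int, int, float]:
    """Replay query timestamps (seconds) from one stub to one recursive.

    A connection stays open while the gap since the previous query is at most
    idle_timeout; a longer gap closes it, so the next query pays a new handshake.
    Returns (handshakes, reused_queries, reuse_rate)."""
    handshakes = 0
    reused = 0
    last = None
    for t in sorted(query_times):
        if last is None or t - last > idle_timeout:
            handshakes += 1          # no open connection: full TCP (+TLS) setup
        else:
            reused += 1              # query rides the existing connection
        last = t
    total = handshakes + reused
    return handshakes, reused, (reused / total if total else 0.0)


def added_latency_ms(query_times: Iterable[float], idle_timeout: float,
                     rtt_ms: float, rtts_per_handshake: int) -> float:
    """Total extra round-trip time spent on handshakes over the trace.

    rtts_per_handshake is an assumed cost: 1 for the TCP handshake alone, more
    once a TLS handshake is added, less if TFO / TLS resumption remove round trips."""
    handshakes, _, _ = simulate_reuse(query_times, idle_timeout)
    return handshakes * rtts_per_handshake * rtt_ms


# Constructed trace (not measured data): three page loads, each a burst of
# batched lookups for the HTML plus iframe/CDN assets, separated by pauses.
SAMPLE_TRACE: List[float] = [
    0.0, 0.1, 0.15, 0.3, 0.9,        # page 1: five lookups inside one second
    12.0, 12.2, 12.5,                # page 2: about 12 s later
    45.0, 45.1, 45.4, 45.6,          # page 3: about 33 s after page 2
]


def reuse_by_timeout(query_times: Iterable[float], timeouts: Iterable[float]) -> dict:
    """Reuse rate for each candidate idle timeout, to compare holding strategies."""
    times = list(query_times)
    return {t: simulate_reuse(times, t)[2] for t in timeouts}


if __name__ == "__main__":
    for timeout, rate in reuse_by_timeout(SAMPLE_TRACE, [0.0, 5.0, 20.0, 60.0]).items():
        print(f"idle timeout {timeout:5.1f}s -> reuse rate {rate:.2f}")
```

With the constructed trace, a 20 s idle timeout lets only the first lookup of a page load after a long pause pay a handshake, which is the regime the quoted measurement describes.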
