Hi Mike,
Naïve question (I am not a DTLS / routing expert). Does this spec introduce a new DDoS surface in the case that the new (preferred) path is longer, and therefore the connection will keep pausing to do this path-check? I expected to see somewhere a recommendation for a guard against that – only do this once per pair of paths, or something similar.
At least, like any other additional message exchange, it will add some latency to the original message exchange. Such an (additional) RRC exchange is only applied if the source address is changing (e.g. NAT timeout) and the response comes with an amplification. In my experience, it is very common that a first message after a quiet phase takes a little longer anyway, and a GET with a larger response may also take some more time. So for me it doesn't add anything new, but it enlarges it a little.

br
Achim