On Thu, Jun 04, 2020 at 03:26:17PM -0600, Craig Partridge wrote:
> The SSH spec says terminate on failure and that it requires a reliable
> underpinning.
>
> Termination on error is no good. One of the studies shows huge failure
> rates (over 50%) for large file transfers. One guess is that's due to
> security protocols terminating when TCP hands up something with an error.

+1 (though, of course, one could have the protocol above TLS/SSH be
resumable in some cases).

Note too that recovery by retransmission requires more buffering unless
TLS/SSH and TCP could coordinate and share buffers.

My take is that better checksums are needed even for TLS/SSH, but not
for TCP over IPsec, and maybe not for DTLS apps.

Nico
--