On 15 December 2015 at 00:34, Christopher Morrow <morrowc.lists@xxxxxxxxx> wrote:

> I don't think you can reliably figure out which hop caused your
> problem :( so ... TLS (or equivalent in QUIC/MinimalT/etc) is your
> only real saving throw.

If IP contains a CRC for the unchanging parts of the data, and each hop
verifies it but copies the ingress value to the egress value (does not
recalculate it), then the very next hop of the mangling device will notice
the problem.

When done on a higher layer, it's invisible to the transport; we will just
have to accept that some router in some AS number mangled it, and you cannot
get anyone to do anything to fix it. Trying to call a random AS helpdesk
about '1 in 100k packets seem to be mangled between IP x and IP y'.
For an AS to figure out which one it was, they'd need wire taps, it's a LOT
of work, and there are no guarantees of succeeding in determining the faulty
device unless src, dst and every transit AS commits to solving it, i.e. it's
not gonna happen unless it's really really bad, like 1 in 1000.

-- 
  ++ytti
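The hop-by-hop check proposed in the message above can be modelled in a few lines. This is an added example, not part of the original post: the path, hop names, payload and the use of CRC-32 are all constructed assumptions, and no such field exists in IP today. It contrasts copying the carried CRC through each device with recalculating it on egress, which hides corruption that happens inside the device.

```python
import zlib

# Constructed sample data: hop names and payload are hypothetical.
PATH = ["r1", "r2", "r3", "r4", "dst"]
PAYLOAD = b"invariant header fields + payload"


def crc(data: bytes) -> int:
    """CRC-32 over the parts of the packet that must not change in transit."""
    return zlib.crc32(data) & 0xFFFFFFFF


def forward(path, payload, faulty=None, recalculate=False):
    """Send one packet along `path`.

    Returns the name of the first hop whose ingress check fails,
    or None if the packet is accepted everywhere.
    faulty      -- hop that flips one bit while the packet is inside it
    recalculate -- True models a checksum regenerated on egress,
                   False models the carried value copied through unchanged
    """
    data, carried = payload, crc(payload)  # the source stamps the CRC once
    for hop in path:
        if crc(data) != carried:  # ingress verification at every hop
            return hop
        if hop == faulty:
            # Single bit flip inside the device, after its own ingress check.
            data = bytes([data[0] ^ 0x01]) + data[1:]
        if recalculate:
            carried = crc(data)  # corruption is now "blessed" by a fresh CRC
    return None


def suspect(path, detector):
    """The device to blame is the one immediately upstream of the detector."""
    i = path.index(detector)
    return path[i - 1] if i > 0 else "source"


if __name__ == "__main__":
    hit = forward(PATH, PAYLOAD, faulty="r2")
    print("copied CRC: detected at", hit, "-> suspect", suspect(PATH, hit))
    print("recalculated CRC: detected at",
          forward(PATH, PAYLOAD, faulty="r2", recalculate=True))
```
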