I am very skeptical of the justification for performance enhancing
proxies in section 2.2.4. It develops the idea that having a form of
These are primarily 'satellite games' proxies... that early-ack and such to make the long satellite portion of the transport seem short(er). They only REALLY need to see TCP headers, so IPsec is problematic, but not (probably) TLS.
Enabling TCP Hijacking should never be justification for “needing” to avoid transport header privacy, IMO.
Games or other apps that “need” such support ought to “need” to explicitly permit it by peering their security with those proxies directly.
Joe