On 17.06.2016 20:52, Tom Herbert wrote:
>
>> > Rather, I think people are going to start adding rules to block TOU
>> > tunnels entirely because they cannot inspect nor conditionally
>> > filter/rewrite the contents. This is even more likely if Joe Random
>> > and so easily can do their own userland TCP stack over TOU.
>> >
> Unfortunately, encryption is the only proven solution to protocol
> ossification. If the network doesn't see it, it can't ossify it.
DTLS still carries a lot of information, both in its handshake as well as in the actual framing. The protocol is basically only TLS on top of datagrams and as such implements connection establishment and teardown of connections, which middle boxes can certainly track. It will just be a matter of time until middle boxes and security appliances will be able to track those connections, maybe not being able to inspect the content but at least seeing the certificates in clear-text and as such also having the common names and other addressing information at hand. The meta-data might certainly be trackable. Because of replay protection you actually can infer the number of bytes transferred, and someone can end up building congestion control on a middle box based on that, infer retransmissions, etc.

Bye,
Hannes
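The record-layer and handshake leakage Hannes describes, shown as an added example that is not code from this thread or from any of the participants: a passive observer that reads only the cleartext DTLS 1.2 headers (RFC 6347 layouts) and, without any keys, recovers the handshake message types and the size of the Certificate message, counts application-data bytes from the per-epoch sequence numbers that replay protection requires, and flags handshake retransmissions (repeated message_seq), duplicated or replayed records (repeated record seq) and losses (gaps). The sample datagrams are constructed here; the certificate body is a placeholder, not a real DER certificate.

```python
"""Passive DTLS 1.2 record observer: what a middlebox can read without keys.
Added example, not from the thread. Sample flow below is constructed."""
import struct
from dataclasses import dataclass, field

# DTLS record header: type(1) version(2) epoch(2) sequence_number(6) length(2)
RECORD_HDR = struct.Struct("!BHH6sH")
DTLS12 = 0xFEFD
CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23
HS_NAMES = {1: "client_hello", 2: "server_hello", 11: "certificate",
            12: "server_key_exchange", 14: "server_hello_done",
            16: "client_key_exchange", 20: "finished"}


@dataclass
class Record:
    content_type: int
    epoch: int
    seq: int
    body: bytes


def parse_records(datagram: bytes) -> list:
    """Split one UDP payload into its DTLS records (a datagram may hold several)."""
    out, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < RECORD_HDR.size:
            raise ValueError("truncated record header")
        ctype, version, epoch, seq6, length = RECORD_HDR.unpack_from(datagram, off)
        if version != DTLS12:
            raise ValueError("not DTLS 1.2: version 0x%04x" % version)
        off += RECORD_HDR.size
        if off + length > len(datagram):
            raise ValueError("record length runs past end of datagram")
        out.append(Record(ctype, epoch, int.from_bytes(seq6, "big"), datagram[off:off + length]))
        off += length
    return out


def handshake_headers(body: bytes) -> list:
    """Walk the 12-byte handshake headers inside an epoch-0 (cleartext) record.
    Returns (name, message_seq, message_length) per fragment."""
    out, off = [], 0
    while off + 12 <= len(body):
        msg_type = body[off]
        length = int.from_bytes(body[off + 1:off + 4], "big")
        message_seq = int.from_bytes(body[off + 4:off + 6], "big")
        frag_len = int.from_bytes(body[off + 9:off + 12], "big")
        out.append((HS_NAMES.get(msg_type, "type_%d" % msg_type), message_seq, length))
        off += 12 + frag_len
    return out


@dataclass
class FlowSummary:
    handshake: list = field(default_factory=list)    # cleartext handshake messages seen
    retransmits: list = field(default_factory=list)  # handshake names whose message_seq repeated
    app_records: int = 0
    app_bytes: int = 0                               # ciphertext length tracks plaintext length
    duplicates: list = field(default_factory=list)   # (epoch, seq) seen twice: replay or dup
    gaps: list = field(default_factory=list)         # (epoch, first_missing, last_missing)


def summarize(datagrams) -> FlowSummary:
    """Fold one direction of a DTLS flow into the metadata visible on the wire."""
    s = FlowSummary()
    seen, highest, hs_seen = {}, {}, set()
    for dg in datagrams:
        for r in parse_records(dg):
            seqs = seen.setdefault(r.epoch, set())
            if r.seq in seqs:                 # record seq never legitimately repeats per epoch
                s.duplicates.append((r.epoch, r.seq))
                continue
            seqs.add(r.seq)
            hi = highest.get(r.epoch, -1)
            if r.seq > hi + 1:                # hole in the sequence space = loss upstream
                s.gaps.append((r.epoch, hi + 1, r.seq - 1))
            highest[r.epoch] = max(hi, r.seq)
            if r.content_type == HANDSHAKE and r.epoch == 0:
                for name, mseq, length in handshake_headers(r.body):
                    s.handshake.append((name, mseq, length))
                    if mseq in hs_seen:       # same message_seq again = flight retransmitted
                        s.retransmits.append(name)
                    hs_seen.add(mseq)
            elif r.content_type == APPLICATION_DATA:
                s.app_records += 1
                s.app_bytes += len(r.body)
    return s


def record(ctype: int, epoch: int, seq: int, body: bytes) -> bytes:
    return RECORD_HDR.pack(ctype, DTLS12, epoch, seq.to_bytes(6, "big"), len(body)) + body


def handshake(msg_type: int, message_seq: int, body: bytes) -> bytes:
    """Single unfragmented handshake message (fragment_offset 0, fragment_length = length)."""
    return (bytes([msg_type]) + len(body).to_bytes(3, "big") + message_seq.to_bytes(2, "big")
            + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body)


FAKE_CERT = b"\x30\x82" + b"\x00" * 300  # placeholder bytes, not a real certificate
# Constructed server-to-client flow: server flight, the same flight retransmitted,
# CCS plus encrypted Finished in epoch 1, then application data with one loss and one duplicate.
SAMPLE_FLOW = [
    record(HANDSHAKE, 0, 0, handshake(2, 1, b"\x00" * 70)) + record(HANDSHAKE, 0, 1, handshake(11, 2, FAKE_CERT)),
    record(HANDSHAKE, 0, 2, handshake(2, 1, b"\x00" * 70)) + record(HANDSHAKE, 0, 3, handshake(11, 2, FAKE_CERT)),
    record(CHANGE_CIPHER_SPEC, 0, 4, b"\x01") + record(HANDSHAKE, 1, 0, b"\x00" * 40),
    record(APPLICATION_DATA, 1, 1, b"A" * 100),
    record(APPLICATION_DATA, 1, 2, b"B" * 100),
    record(APPLICATION_DATA, 1, 4, b"C" * 100),   # seq 3 never arrives
    record(APPLICATION_DATA, 1, 2, b"B" * 100),   # seq 2 seen again
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOW))
```

Only epoch-0 handshake records are walked, because everything after ChangeCipherSpec is encrypted; the point is how much is left in the clear anyway: the handshake message names, the exact length of the Certificate message (and the certificate bytes themselves, which this example does not decode), and per-epoch sequence numbers that give byte counts, losses and retransmitted flights without touching the payload.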