[Cryptography] Heartbleed and fundamental crypto programming practices

Christian Huitema huitema at huitema.net
Mon Apr 14 00:30:09 EDT 2014


>> Or is there something fundamental about the congestion issue that stops
>> UDP being usable under any circumstances?
>
> No.  BitTorrent was rehosted on UDP, using its own delay-sensitive end
> to end transmission protocol, and it works fine (and better than when
> it was using TCP).  RTP (VoIP) also works pretty well on UDP.  Not to
> mention the classic use of UDP, DNS.

It is indeed possible to implement on top of UDP a TCP-like congestion
control algorithm. One can for example run TCP itself on top of UDP. 

But when people say that the Internet does not like UDP, they are probably
not speaking about basic congestion control. They are concerned with series
of so-called "optimizations" that have been baked in the infrastructure over
time. Middle-boxes that know how to drop UDP packets first when congestion
happens. Firewalls that will only let TCP through, not UDP. Load balancers
that can manage TCP load balancing for a server farm, but not UDP.

But one should not be too pessimistic. There are also examples of UDP based
protocols that have been deployed at large scale. VoIP, for example, mostly
relies on UDP. Various VPN services tunnel data over UDP. Teredo tunnels
IPv6 over UDP. In fact, UDP has at least one deployment advantage over TCP: it
is much easier to cross a NAT with UDP than with TCP. Same goes for a
stateful IPv6 gateway.

-- Christian Huitema
