(I happened to implement TFO for a middlebox just a couple of weeks ago. The changes were much more invasive than for the average TCP extension.)
Unfortunately there isn't a breakdown of that 20%. Is it just connections where the SYN was dropped or the connection breaks after the SYN was let through? Or does it also include cases where the TFO options get stripped away? There's a huge difference in how serious these cases are.
I have no idea how to tell which routers and IDSes will silently make my network / internet connectivity crappy.
For the other talks in this edition of NANOG see: https://www.nanog.org/meetings/nanog67/agenda
They're absolutely right about the effect on UX & revenue...