"Minimal Latency Tunneling (MinimaLT) is a new network protocol that provides ubiquitous encryption for maximal confidentiality, including protecting packet headers. MinimaLT provides server and user authentication, extensive Denial-of-Service protections, and IP mobility while approaching perfect forward secrecy."
I've also been thinking about another possible optimization:
Two things have a big impact on connection start-up performance currently: handshakes (3-way for TCP, 4-way for SCTP, any properly-designed UDP protocol implements a similar one to prevent amplification attacks) and slow-start. Currently both of those are on a per-connection (defined as an L4 connection) basis.
What if there was a concept of "endpoint associations" in addition to connections? An endpoint association would be a bundle of connections, potentially from different applications, between the same endpoints. An active endpoint association would include congestion control information (so new connections within an established association could immediately start communicating at full speed) and also means the endpoints are authenticated. That makes the handshake only necessary for creation of associations, not individual connections.
If that was done at the OS level, the process for opening a new connection would be something like:
1. User wants to open a connection to 18.104.22.168:80. (L4 protocol doesn't really matter for the example.)
2. OS checks if there is a currently active endpoint association with 22.214.171.124.
3. If there is an endpoint association, create a connection within that association and start sending data immediately, with no handshake, and using the congestion control information (window size) from the association.
4. If there isn't, open an endpoint association, complete the handshake for that, and open the connection within the newly created association. (Future connections would be able to go through the simplified and quicker process above.)
I think the handshake isn't a big issue, but eliminating slow-start for connections to an already-established association should be beneficial. Thoughts?
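As an added illustration (not code from the post above, and not part of MinimaLT), a toy Python model of the four-step procedure the post describes: an association table keyed by the remote IP, created once with a handshake and then reused by later connections to the same host, which skip the handshake and inherit the association's congestion window. The handshake cost, the initial window, the idle timeout and the one-segment-per-ACK window growth are all assumptions made for the example; the idle timeout is there because a cached window measured minutes ago says nothing about the path now.

```python
"""Toy model of 'endpoint associations' shared across connections to one host."""
import time
from dataclasses import dataclass, field

HANDSHAKE_RTTS = 1         # assumed: one round trip to create an association
INITIAL_WINDOW = 10        # assumed initial congestion window, in segments
ASSOC_IDLE_TIMEOUT = 30.0  # assumed: discard cached congestion state after this much idle time


@dataclass
class Association:
    """Per-remote-host state shared by every connection (and application) on this machine."""
    remote_ip: str
    cwnd: int = INITIAL_WINDOW
    authenticated: bool = False
    last_used: float = field(default_factory=time.monotonic)
    connections: list = field(default_factory=list)


@dataclass
class Connection:
    remote: tuple        # (ip, port)
    cwnd: int            # window the connection starts with
    handshake_rtts: int  # round trips spent before the first data byte could be sent


class AssociationTable:
    def __init__(self, now=time.monotonic):
        self._now = now  # injectable clock so the idle timeout can be exercised offline
        self._assocs = {}

    def _lookup(self, ip):
        """Step 2: find a live association for this host, dropping it if it has gone stale."""
        assoc = self._assocs.get(ip)
        if assoc is None:
            return None
        if self._now() - assoc.last_used > ASSOC_IDLE_TIMEOUT:
            # The cached window no longer reflects the path; fall back to a fresh association.
            del self._assocs[ip]
            return None
        return assoc

    def open(self, ip, port):
        """Steps 1-4: open a connection, creating the association only if none is live."""
        assoc = self._lookup(ip)
        if assoc is None:
            # Step 4: full handshake, which authenticates the peer and creates the association.
            assoc = Association(remote_ip=ip, authenticated=True)
            self._assocs[ip] = assoc
            rtts = HANDSHAKE_RTTS
        else:
            # Step 3: reuse the authenticated association and its window, no handshake.
            rtts = 0
        assoc.last_used = self._now()
        conn = Connection(remote=(ip, port), cwnd=assoc.cwnd, handshake_rtts=rtts)
        assoc.connections.append(conn)
        return conn

    def ack_progress(self, ip, acked_segments):
        """Congestion state lives in the association: any connection's ACKs grow the shared window."""
        assoc = self._lookup(ip)
        if assoc is not None:
            assoc.cwnd += acked_segments  # simplified slow start: one segment per acknowledged segment
            assoc.last_used = self._now()


if __name__ == "__main__":
    table = AssociationTable()
    first = table.open("192.0.2.10", 80)     # RFC 5737 documentation address, constructed input
    table.ack_progress("192.0.2.10", 20)
    second = table.open("192.0.2.10", 443)
    print(first.handshake_rtts, first.cwnd)    # first connection pays the handshake
    print(second.handshake_rtts, second.cwnd)  # second one starts at the grown window
```

One thing the model makes visible: the association is keyed by the peer host, so "authenticated" here means the peer machine, not the peer application, and every process on the local machine shares the same table. Whether that is acceptable depends on who else can run code on either host.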
Some details on the Chrome implementation here:
Do you think there could be any real-world advantages to doing this at the OS level? On paper it would sound good to me, as it could do this optimization across any application running on the machine.
Very promising and sophisticated tech!
UDP is used by many consumer-level applications (online gaming including on consoles, VoIP, video chat like Skype, etc.) so the lack of UDP NAT would easily be noticed by many normal users.