Current behavior to set DSCP EF code point by default is harmful
Theo de Raadt
deraadt at openbsd.org
Fri Apr 10 12:07:01 AEST 2026
Damien Miller <djm at mindrot.org> wrote:
> Just to make my position clear - unless there's a very strong reason not to,
> I'm going to follow what Job decides here. He is much closer to the network
> operator community than anyone else who directly works on OpenSSH and so I
> defer to his knowledge and judgement here.
I'm mostly in the same position.
First, I think the complaint is trying to specify the rules for DSCP stronger
than what the standard really says.
Secondly, there is also the matter of how DSCP is actually deployed in
practice. The negative scenario described seems rare and contrived,
sorry but I feel there's an unrealistic agenda attached which we can't
see.
We deployed this in OpenSSH incrementally and substantially for 6
months, and by my recollection have heard only two concerns previously
which both turned out to be incorrect ISP segment configurations, which
were corrected after the customer reached out. One of them was only on
certain segments of the ISP, the other I don't believe we got details
on. One configuration was so incorrect the other traffic was also
being blackholed. Screaming at ISPs who deploy it incorrectly is more
valuable effort, not at tiny stack software which often uses it for
critical traffic.
I think we can afford to wait for the community to understand that the
majority of SSH traffic, being minimal and generally either of trivial
volume or for critical management, is as valuable as voice, if not more. To me,
that's a better future. EF isn't just cat videos, otoh I suspect it
contains almost no 911/112 calls.
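For an operator who wants to verify what code point their SSH packets actually carry on the wire (for example from a capture taken on either side of a suspect ISP segment), the following is an added example and not part of this thread or of OpenSSH: it extracts the DSCP field from raw IPv4 and IPv6 packets, names the well-known code points, and tallies how many packets are marked EF. The sample packets are constructed inline; the helper names are the example's own.

```python
"""Extract and tally DSCP code points from raw IP packets.

Added example, not from the openssh-unix-dev thread or from OpenSSH.
DSCP occupies the top six bits of the IPv4 TOS byte and of the IPv6
traffic class; the bottom two bits are ECN.
"""
from collections import Counter
from typing import Iterable

# Well-known DSCP values (RFC 2474, RFC 2597, RFC 3246). EF = 46 is the
# code point discussed in the thread; its IPv4 TOS byte is 0xB8.
DSCP_NAMES = {
    0: "CS0/BE", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31",
    34: "AF41", 46: "EF", 48: "CS6", 56: "CS7",
}
EF = 46


def dscp_of(packet: bytes) -> int:
    """Return the DSCP value (0-63) of a raw IPv4 or IPv6 packet."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:
        if len(packet) < 20:
            raise ValueError("truncated IPv4 header")
        return packet[1] >> 2                      # TOS byte, drop ECN bits
    if version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        # Traffic class straddles bytes 0 and 1: low nibble of byte 0 is
        # its high nibble, high nibble of byte 1 is its low nibble.
        traffic_class = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
        return traffic_class >> 2
    raise ValueError(f"unsupported IP version {version}")


def dscp_name(dscp: int) -> str:
    """Human-readable name for a DSCP value, falling back to the number."""
    return DSCP_NAMES.get(dscp, f"DSCP{dscp}")


def summarize(packets: Iterable[bytes]) -> Counter:
    """Count packets per DSCP name, e.g. to see how much of a capture is EF."""
    return Counter(dscp_name(dscp_of(p)) for p in packets)


def ef_fraction(packets: list) -> float:
    """Share of packets in the list that carry the EF code point."""
    if not packets:
        return 0.0
    return sum(1 for p in packets if dscp_of(p) == EF) / len(packets)


# --- constructed sample packets (headers only, zeroed addresses) ---------

def make_ipv4(dscp: int, ecn: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header carrying the given DSCP/ECN (constructed)."""
    tos = ((dscp & 0x3F) << 2) | (ecn & 0x03)
    return bytes([0x45, tos]) + b"\x00\x14" + bytes(16)


def make_ipv6(dscp: int, ecn: int = 0) -> bytes:
    """Minimal 40-byte IPv6 header carrying the given DSCP/ECN (constructed)."""
    traffic_class = ((dscp & 0x3F) << 2) | (ecn & 0x03)
    byte0 = 0x60 | (traffic_class >> 4)
    byte1 = (traffic_class & 0x0F) << 4          # flow label bits left zero
    return bytes([byte0, byte1]) + bytes(38)


if __name__ == "__main__":
    sample = [make_ipv4(EF), make_ipv6(EF), make_ipv4(0), make_ipv6(10)]
    print(summarize(sample))
    print(f"EF share: {ef_fraction(sample):.2f}")
```

Comparing the tally from a capture taken before and after the segment under suspicion shows directly whether the EF marking survives or is being remarked or dropped, which is the check that separates a misconfigured ISP segment from a problem in the client.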