Current behavior to set DSCP EF code point by default is harmful

Stuart Henderson stu at spacehopper.org
Sat Apr 11 00:32:38 AEST 2026


On 2026/04/10 09:45, matt at theaddisons.us wrote:
>                                   Leaving this as a default is going
> to force more operators to either bleach traffic (which is what’s
> likely happened in every case where a user complains, because as an
> operator it’s *far* easier to just wipe all your DSCP markings
> if you’re not paying me to do anything with them),

this seems *exactly* what a network should be doing for traffic coming
from somewhere that they don't want to trust about codepoints.

>                                                    or implement
> changes which end up in SSH traffic being dropped (which is what’s
> likely happening before people complain and they bleach, because
> they’re applying strict priority to the traffic going into EF, so
> if your destination isn’t in their VoIP termination networks and
> you’re marked with EF you get dropped because you’re misusing
> their network).

so, if some ISP customer has a VoIP setup with a provider other
than that ISP, which results in emergency calls being marked EF (which
seems extremely unlikely to me, but let's go with it) - someone with
that policy would be dropping those calls.

it could be argued that OpenSSH flushing this out before something
more critical is a very good thing.



More information about the openssh-unix-dev mailing list