Security Concerns: “Bad” middleboxes that drop ECN-Capable SYN/ACK packets? We don’t know of any. If the first SYN/ACK packet is dropped, the retransmitted SYN/ACK should not be ECN-Capable. There is no danger on congestion collapse: Routers are free to drop rather than mark ECN-Capable packets. If the SYN/ACK packet is marked, the sender sends at most one data packet; if that packet is dropped or marked, the sender waits for a retransmit timeout. |