[quicwg/base-drafts] HTTP SETTINGS and 0-RTT (#1541)
Mike Bishop <notifications@github.com> Mon, 09 July 2018 18:08 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51642130E65 for <quic-issues@ietfa.amsl.com>; Mon, 9 Jul 2018 11:08:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DPic0CNyAa6L for <quic-issues@ietfa.amsl.com>; Mon, 9 Jul 2018 11:08:26 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39E2012F1AC for <quic-issues@ietf.org>; Mon, 9 Jul 2018 11:08:26 -0700 (PDT)
Date: Mon, 09 Jul 2018 11:08:25 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1531159705; bh=0m9F1qt4fjVllNx1fNRaAGDAYo1HXu/Il5G4llR2IL8=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=iwk+6wGUatrttKTR2Hsj2B1iwiZUgoWFzQgfBhL9lw89xBj86iWzNFHZx3+mBYP9l Uxqcd2+QSCQYV6ooXzRA1Is76kIDBSRbFIVAdZT8fpPx1hMhicPrqORESZH3faSMkS tf/QOlR4LauVnEA0ZUhcLH3Ev/uPsi/ah9/b+lyE=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab30a1b61d24d0fd8b3f3f11969ec1e07d4dbf3f1292cf00000001175b669992a169ce143d29cf@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1541@github.com>
Subject: [quicwg/base-drafts] HTTP SETTINGS and 0-RTT (#1541)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b43a49952946_7bc22aed6e1a4f6015077c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/0ia5ey0AZhTBWToJt8NcS08lhdk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 18:08:28 -0000
The current draft language, after previous discussion, says this: > When a 0-RTT QUIC connection is being used, the client’s initial requests will be sent before the arrival of the server’s SETTINGS frame. Clients MUST store the settings the server provided in the session being resumed and MUST comply with stored settings until the server’s current settings are received. > > Servers MAY continue processing data from clients which exceed its current configuration during the initial flight. In this case, the client MUST apply the new settings immediately upon receipt. That means the client can accidentally (or maliciously) exceed the server's values during the 0-RTT phase. It means clients have to tolerate having settings reduced after the fact -- discovering your QPACK table is too big, or you've employed too many placeholders in describing your priority tree. And there's no synchronization of when the server's values for this connection take effect, because we removed the synchronization mechanisms when we decided that SETTINGS are sent once and fixed for the lifetime of the connection. If the server decides not to honor the MAY and closes the connection for bad behavior, the client might not have actually seen the SETTINGS frame (reliable delivery isn't guaranteed when the connection gets closed!) and so doesn't even know what it violated. Its only recourse is to assume that its cached settings are bad and not do 0-RTT next time, and it seems a pity to require that level of fallback simply from a configuration change. Are we ***really*** sure this is what we want? Wouldn't it be cleaner to simply say that you can only accept 0-RTT if you're willing to guarantee that your settings will be equally or more permissive than the ones the client has remembered? Yes, this means that settings will need to specify what counts as equally or more permissive when it's not obvious, but that text seems like a small price to pay. The larger price is that the HTTP layer will have to examine what settings the client has associated with its session ticket and participate in the decision to accept 0-RTT. It's a pain. But is it more of a pain than what we have? Particularly when the only way to identify a malicious client is to store the old settings with the ticket anyway and check that the client is following the rules as it understood them from last time? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1541
- Re: [quicwg/base-drafts] HTTP SETTINGS and 0-RTT … Mike Bishop
- Re: [quicwg/base-drafts] HTTP SETTINGS and 0-RTT … Martin Thomson
- [quicwg/base-drafts] HTTP SETTINGS and 0-RTT (#15… Mike Bishop
- Re: [quicwg/base-drafts] HTTP SETTINGS and 0-RTT … Mike Bishop