IETF Logo Mail Archive

Re: [quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)

Kazuho Oku <notifications@github.com> Tue, 29 January 2019 07:53 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED468130F2A for <quic-issues@ietfa.amsl.com>; Mon, 28 Jan 2019 23:53:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Level:
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TrC0PvT4C4q1 for <quic-issues@ietfa.amsl.com>; Mon, 28 Jan 2019 23:53:40 -0800 (PST)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEBBA130F26 for <quic-issues@ietf.org>; Mon, 28 Jan 2019 23:53:40 -0800 (PST)
Date: Mon, 28 Jan 2019 23:53:39 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1548748419; bh=X0WyqJqGfdiFT/z3sTIARvTysPN3JuRsxLYCDxNj300=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=NvUaFHh7bZsbPpdcfqVWkUg3dtf/8RUYpatQB371idjyS5Cl9kYSAX1TH57p98U/u 6bUMFB+xEzem9KD84U+dk6pQG6Dxh74+tyKOafAO74pVPuUaFskXyXeWKHROUZz/QB a+lMPtYtV6SxfjKAd7cH3F1OBbbJCE3B3lasl6yo=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab91a29a33b968559f496e38ca7308a6cdca22b01c92cf000000011867c88392a169ce1784eaec@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2267/458441125@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2267@github.com>
References: <quicwg/base-drafts/issues/2267@github.com>
Subject: Re: [quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c5006839fd4b_60b73fa2432d45b84921af"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/2dodqgntCabcRd27_TZ3T_sAjGs>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2019 07:53:43 -0000

@marten-seemann 
> Both endpoints have the 1-RTT keys, but the client doesn't know that the server has them, since the ACK for the CFIN was lost. For the client, this situation is indistinguishable from the CFIN itself being lost, so it has to keep retransmitting it.

That's true, however I am not sure if introducing a new frame (that needs to be delivered reliably) is the correct solution. At least for my implementation, consulting if an ACK for 1-RTT packet has been received each time a Handshake packet is deemed lost is easier than reliably transmitting a HANDSHAKE_DONE frame and using it's receipt as a signal.

Having that said, _if_ we are going to depart from the current approach, possibly by introducing a HANDSHAKE_DONE frame, I think it's worth reconsidering when we drop the Initial keys.

Current text requires endpoints to drop Initial packets as soon as they know that the peer knows the Handshake keys. The downside of this approach is delivery of Initial packets and their RTT is sometimes lost.

If we are to have an explicit signal for indicating the end of the handshake, we could delay dropping not only the Handshake keys but also the Initial keys until that signal is being emitted.

The design would be:
* each endpoint emits HANDSHAKE_DONE packet when all the CRYPTO data sent using Initial and Handshake packets are acknowledged
* an endpoint would retain it's Initial and Handshake keys until it sends HANDSHAKE_DONE frame and also receives HANDSHAKE_DONE frame

This is simpler than the current design. There's no fear of key being dropped having negative impact on loss recovery / congestion control. There's only one event for dropping the keys (instead of two). And the logic can be exactly the same on the server and the client.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2267#issuecomment-458441125

v2.23.0 | Report a Bug | By Email