IETF Logo Mail Archive

[quicwg/base-drafts] Bound 0-to-1-RTT Transition (#2466)

Mike Bishop <notifications@github.com> Thu, 14 February 2019 22:11 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 350691311E6 for <quic-issues@ietfa.amsl.com>; Thu, 14 Feb 2019 14:11:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3
X-Spam-Level:
X-Spam-Status: No, score=-3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7719f8RoGylj for <quic-issues@ietfa.amsl.com>; Thu, 14 Feb 2019 14:11:11 -0800 (PST)
Received: from o6.sgmail.github.com (o6.sgmail.github.com [192.254.113.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 688731311D5 for <quic-issues@ietf.org>; Thu, 14 Feb 2019 14:11:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=kvv9EoBio4EsdSOscbt5TsaaZx4=; b=s3PVzM61fGxMcPVk YOqNGxGQZNs5dxK7AM9SUimjgZwUuxJgE6tm/jhnewlLaufLjnI298V1Gk9DMWkd A6dBn/vMdV925MW+OhYtwOcrK9FlT3t8qMPMVLW7m5+LS9JhrSgEwrK/HEZIJTKC Hb7uT8hUdQ6uCf7HRxoZiOoqKfM=
Received: by filter0954p1las1.sendgrid.net with SMTP id filter0954p1las1-20862-5C65E77D-39 2019-02-14 22:11:09.946508653 +0000 UTC m=+530159.390921237
Received: from github-lowworker-05ceafd.cp1-iad.github.net (unknown [192.30.252.40]) by ismtpd0053p1mdw1.sendgrid.net (SG) with ESMTP id oPyaehfoStSPRFcf31Ts_g for <quic-issues@ietf.org>; Thu, 14 Feb 2019 22:11:09.798 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-05ceafd.cp1-iad.github.net (Postfix) with ESMTP id C297B460193 for <quic-issues@ietf.org>; Thu, 14 Feb 2019 14:11:09 -0800 (PST)
Date: Thu, 14 Feb 2019 22:11:10 +0000
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abebe21f8fdd34dfbc2bdd885d7788074d8741582192cf00000001187da97d92a169ce1877f890@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2466@github.com>
Subject: [quicwg/base-drafts] Bound 0-to-1-RTT Transition (#2466)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c65e77dc0a83_5d993fb87a6d45bc255856"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0BPmCPTJRvl8XERdD7Wo0qIQCdoheLLUzm7z PtkxfFU6JljXBAywSMvf08Vi3adQxgvJb5VmItXZmW7J6VwzK2/J7Q/NAy8gfw32hAmZ8PRk6I7kNv p3a4thL0AVaxc4pNTsUN2Y4Te2ho2S//LUXqS5fzM5Wt54j/ywrCWqfiab4/5Y6xc9D2pqQ9G4yEk1 E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/81WNCLb98XmcWjScom6TlKUgm0I>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 22:11:13 -0000

Taking a stab at @DavidSchinazi's suggested alternative.  In Tokyo, we agreed that flow control and stream IDs advertised in the server's 1-RTT packets and transport parameters don't apply to the client's 0-RTT data.

This makes two changes:
- The client was already prohibited from sending more 0-RTT packets after reaching 1-RTT ([TLS 4.9](https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#rfc.section.4.9), "Though an endpoint might retain older keys, new data MUST be sent at the highest
currently-available encryption level.")  This adds a requirement on the server to drop 0-RTT packets with higher packet numbers than the first 1-RTT packet number from the client.
- Any increases to flow control or stream limits the server sends don't apply to 0-RTT traffic; servers SHOULD enforce the remembered values until at least one 1-RTT packet has been received.

This isn't perfect, as a malicious client could send a high numbered 1-RTT packet to unlock the flow control and save lower packet numbers for 0-RTT traffic which exceeds the initial limits, but it helps.  From discussion on the PR, it sounds like more aggressive enforcement than this is problematic for servers in multiple implementations.

Fixes #2458.
Fixes #2360.
You can view, comment on, or merge this pull request online at:

  https://github.com/quicwg/base-drafts/pull/2466

-- Commit Summary --

  * Simpler restriction on staying in 0-RTT
  * Stream counts, too

-- File Changes --

    M draft-ietf-quic-transport.md (15)

-- Patch Links --

https://github.com/quicwg/base-drafts/pull/2466.patch
https://github.com/quicwg/base-drafts/pull/2466.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2466

v2.23.0 | Report a Bug | By Email