Re: [quicwg/base-drafts] Request to Retire Locally Issued CIDs (#2769)

MikkelFJ <> Thu, 06 June 2019 11:24 UTC

> The better way to enforce the retiring of the connection IDs is to look at packet numbers: The old connection IDs MUST NOT be used in packets with higher packet numbers than the packet that acknowledged the NEW_CONNECTION_ID frame.

I think this solves the problem since I really dislike that a delayed packet, 3PTO or otherwise, can take down a connection.

However, I also dislike that this is coupled strongly to ACK behaviour. I'm not sure how key updates work but assuming it does not use ACK, ACK handling can run asynchronously in a separate task, and indeed this is how I would architect a high performance implementation.

Then one could send a dedicated frame to acknowledge receiving the retire frame, but that is pointless since any packet using the new CID would have that effect.

So for the time being I don't have a good answer to this.

Altogether, if this facility opens up to DoS attacks and prevents ACK handling from running asynchronously, I think it does more harm than good and should at least be moved to v2 giving more time to consider the implications.

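
Added example, not part of the original message or of the QUIC drafts: a receiver-side check of the packet-number rule quoted at the top of the message, showing that a delayed old-CID packet is tolerated while a higher-numbered one is flagged, including when reordering delivers it before the acknowledging packet. The class, the verdict strings and the sample packets are constructed for illustration; the `acks_new_cid_frame` flag is assumed to be supplied by ACK processing, which is the coupling the message objects to.

```python
from typing import Optional


class RetireTracker:
    """Checks peer packets against the quoted rule (hypothetical helper)."""

    def __init__(self, retiring):
        self.retiring = set(retiring)         # CIDs the peer was asked to retire
        self.cutoff_pn: Optional[int] = None  # lowest peer PN that acked the frame
        self.max_old_pn = -1                  # highest PN seen on a retiring CID

    def on_packet(self, pn, dcid, acks_new_cid_frame=False):
        """Return 'ok', 'delayed-ok' or 'violation' for one received packet."""
        if dcid in self.retiring:
            self.max_old_pn = max(self.max_old_pn, pn)
        if acks_new_cid_frame and (self.cutoff_pn is None or pn < self.cutoff_pn):
            self.cutoff_pn = pn
        if self.cutoff_pn is None:
            return "ok"          # rule not armed: no acknowledging packet seen yet
        if self.max_old_pn > self.cutoff_pn:
            return "violation"   # sticky; also catches an old-CID packet that
                                 # arrived before the acknowledging packet
        if dcid in self.retiring and pn < self.cutoff_pn:
            return "delayed-ok"  # sent before the ack, arrived late: tolerated
        return "ok"


def replay(retiring, packets):
    """Feed (pn, dcid[, acks_new_cid_frame]) tuples in arrival order."""
    tracker = RetireTracker(retiring)
    return [tracker.on_packet(*p) for p in packets]


# Constructed sample input: arrival order, not send order.
IN_ORDER = [(5, "cid0"), (7, "cid0", True), (8, "cid1"), (6, "cid0"), (9, "cid0")]
REORDERED = [(9, "cid0"), (7, "cid1", True)]

if __name__ == "__main__":
    print(replay({"cid0"}, IN_ORDER))
    print(replay({"cid0"}, REORDERED))
```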