IETF Logo Mail Archive

[quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)

Marten Seemann <notifications@github.com> Fri, 28 December 2018 09:07 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F33F129B88 for <quic-issues@ietfa.amsl.com>; Fri, 28 Dec 2018 01:07:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.065
X-Spam-Level:
X-Spam-Status: No, score=-8.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JkQN5hQhVy6X for <quic-issues@ietfa.amsl.com>; Fri, 28 Dec 2018 01:07:50 -0800 (PST)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8F2B1200D7 for <quic-issues@ietf.org>; Fri, 28 Dec 2018 01:07:50 -0800 (PST)
Date: Fri, 28 Dec 2018 01:07:49 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1545988069; bh=gKiErqVnvbEvSXzwubjI0cB1dqMn298842PvAlYbzAE=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=d8CbvU0ITasfXdS2CQMSioitHYX9rUyNuZ2NlQvM5l6pzyq5oS67OURFvFe6g/M/g s8nKSniuSdxoPBmfBv+tRlPVrx5zcvLDA6zSoomudP8c5xsxkMjDg0UMOOTGrtyTCl NLlIux1Gpjm98cEdTnnx/OQNais2HqpJAi9LUbG0=
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab1aba3e6c9d9a1e03092770a7568305b7f4408e7792cf00000001183da9e592a169ce1784eaec@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2267@github.com>
Subject: [quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c25e7e547692_5473f95b6ad45b81761e"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Kcuh1pTJigjq3hp8fEvhZ9Thh7I>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2018 09:07:54 -0000

Assume that client and server handshake successfully, all packets containing handshake data are received, but the ACK for the CFIN message is lost. Furthermore, assume that the RTT is `x` and there is negligible RTT variance (just to simplify my example).
At this point, the server considers the handshake as completed, and starts its timer to drop the Handshake keys after 3 times the PTO timeout. 3 PTOs equals a duration of `3x`. The client doesn't consider the handshake as completed, since it didn't receive the ACK for the last Handshake packet it sent. On sending that packet, it already set a the crypto timeout timer to a duration of twice the RTT, i.e. `2x`.
When the crypto timer fires, the client retransmits the CFIN. Now assume that this packet is lost (or, leading to the same outcome, the packet is received, but the ACK for it is lost again). The client resets the timer (now with backoff) to `4x` after sending the retransmission. By the time this timer fires, the server will already have dropped the Handshake key. We're now in the situation where the client will never receive an acknowledgement for the CFIN.

Note that a similar situation (with the roles reversed) can occur when an ACK for the certificate sent by the server is lost.

This scenario gets interesting when the client begins sending 1-RTT data after sending the CFIN. The server will be able to read the 1-RTT data, and send acknowledgements for it. There's nothing stopping client and server from running the application protocol, as they normally would, with one interesting caveat: The client will continue to retransmit the CFIN indefinitely and always declare it lost (and decrease its congestion window). Furthermore, the client will only be able to use ACK-based loss recovery, since it is not allowed to use probe timeouts as long as crypto data is still outstanding.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2267

v2.23.0 | Report a Bug | By Email