Re: [quicwg/base-drafts] Datagram 1200 (#1548)
Mike Bishop <notifications@github.com> Wed, 11 July 2018 06:11 UTC
MikeBishop commented on this pull request. Largely editorial nits. > -However, there are several variables that could cause this limit to be exceeded. -Implementations are reminded that large session tickets or HelloRetryRequest -cookies, multiple or large key shares, and long lists of supported ciphers, -signature algorithms, versions, QUIC transport parameters, and other negotiable -parameters and extensions could cause this message to grow. - -For servers, the size of the session tickets and HelloRetryRequest cookie -extension can have an effect on a client's ability to connect. Choosing a small -value increases the probability that these values can be successfully used by a -client. +QUIC requires that the first Initial packet from a client be sent in a single +UDP datagram. This places constraints on the first ClientHello message. + +QUIC packet and framing overheads add at least 36 octets of overheads to the +ClientHello message. That overhead increases if the client chooses connection +ID without zero length, nor does it include the token or a connection ID longer **a** connection ID with non-zero length, perhaps? > -Implementations are reminded that large session tickets or HelloRetryRequest -cookies, multiple or large key shares, and long lists of supported ciphers, -signature algorithms, versions, QUIC transport parameters, and other negotiable -parameters and extensions could cause this message to grow. - -For servers, the size of the session tickets and HelloRetryRequest cookie -extension can have an effect on a client's ability to connect. Choosing a small -value increases the probability that these values can be successfully used by a -client. +QUIC requires that the first Initial packet from a client be sent in a single +UDP datagram. This places constraints on the first ClientHello message. + +QUIC packet and framing overheads add at least 36 octets of overheads to the +ClientHello message. 
That overhead increases if the client chooses connection +ID without zero length, nor does it include the token or a connection ID longer +than octets that might be required if a server sends a Retry packet. longer than octets? > -For servers, the size of the session tickets and HelloRetryRequest cookie -extension can have an effect on a client's ability to connect. Choosing a small -value increases the probability that these values can be successfully used by a -client. +QUIC requires that the first Initial packet from a client be sent in a single +UDP datagram. This places constraints on the first ClientHello message. + +QUIC packet and framing overheads add at least 36 octets of overheads to the +ClientHello message. That overhead increases if the client chooses connection +ID without zero length, nor does it include the token or a connection ID longer +than octets that might be required if a server sends a Retry packet. + +With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet +with ample space remaining. However, aside from the overheads added by QUIC, +there are several variables that could cause this limit to be exceeded. Large +session tickets or HelloRetryRequest cookies, multiple or large key shares, and You say below that HelloRetryRequest-triggered ClientHellos are exempt from this restriction, so it might be less confusing to omit that from your list of examples. > + +QUIC packet and framing overheads add at least 36 octets of overheads to the +ClientHello message. That overhead increases if the client chooses connection +ID without zero length, nor does it include the token or a connection ID longer +than octets that might be required if a server sends a Retry packet. + +With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet +with ample space remaining. However, aside from the overheads added by QUIC, +there are several variables that could cause this limit to be exceeded. 
Large +session tickets or HelloRetryRequest cookies, multiple or large key shares, and +long lists of supported ciphers, signature algorithms, versions, QUIC transport +parameters, and other negotiable parameters and extensions could cause this +message to grow. + +For servers, in addition to connection ID and tokens, the size of TLS session +tickets and HelloRetryRequest cookie extensions can have an effect on a client's Same. > -signature algorithms, versions, QUIC transport parameters, and other negotiable -parameters and extensions could cause this message to grow. - -For servers, the size of the session tickets and HelloRetryRequest cookie -extension can have an effect on a client's ability to connect. Choosing a small -value increases the probability that these values can be successfully used by a -client. +QUIC requires that the first Initial packet from a client be sent in a single +UDP datagram. This places constraints on the first ClientHello message. + +QUIC packet and framing overheads add at least 36 octets of overheads to the +ClientHello message. That overhead increases if the client chooses connection +ID without zero length, nor does it include the token or a connection ID longer +than octets that might be required if a server sends a Retry packet. + +With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet Given that 1200 is a minimum, not a maximum, it might be worth calling out that the datagram can be larger than 1200 if needed. > + +With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet +with ample space remaining. However, aside from the overheads added by QUIC, +there are several variables that could cause this limit to be exceeded. Large +session tickets or HelloRetryRequest cookies, multiple or large key shares, and +long lists of supported ciphers, signature algorithms, versions, QUIC transport +parameters, and other negotiable parameters and extensions could cause this +message to grow. 
+ +For servers, in addition to connection ID and tokens, the size of TLS session +tickets and HelloRetryRequest cookie extensions can have an effect on a client's +ability to connect. Choosing a small value increases the probability that these +values can be successfully used by a client. + +A client is not required to fit a ClientHello that is sent in response to +HelloRetryRequest in a single UDP datagram. Consistency nits: - You use "a" before other TLS handshake messages, so "**a** HelloRetryRequest" - You use "fit into" elsewhere, but "fit ... in" here. > -An Initial packet MAY exceed 1200 octets if the client knows that the Path -Maximum Transmission Unit (PMTU) supports the size that it chooses. +The datagram containing an Initial packet MAY exceed 1200 octets if the client Since we're still talking about "the first Initial packet [the client] sends," perhaps "the first" or "this" instead of "an"? > A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in -response to an Initial packet smaller than 1200 octets. It MUST NOT send any -other frame type in response, or otherwise behave as if any part of the -offending packet was processed as valid. +response to an Initial packet contained in a UDP datagram that is smaller than ...but only if it's the first Initial packet on the connection, right? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/1548#pullrequestreview-136099506
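Review bot: In the added TLS paragraph beginning "QUIC packet and framing overheads add at least 36 octets", the figure is given without saying which fields it counts, so a reader cannot recompute it when the connection ID length or a Retry token changes the header size. Suggest listing the fields that make up the 36 octets and splitting the following sentence: "That overhead increases if ..., nor does it include ..." joins a positive clause to "nor", which leaves it unclear whether the token and the longer connection ID are inside or outside the 36. In the "For servers" paragraph of the same hunk, "Choosing a small value" has no single referent now that the sentence names connection ID, tokens, session tickets and cookie extensions; say which values are meant.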
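Review bot: In the transport hunk that replaces "An Initial packet MAY exceed 1200 octets" with "The datagram containing an Initial packet MAY exceed 1200 octets", the limit moves from the packet to the datagram but the text does not say what is measured. Suggest stating whether the 1200 octets counts the UDP payload only or also lower-layer headers, since the sender's padding and the receiver's size check need the same definition. The removed lines tied the larger size to the client knowing that the PMTU supports it; the visible added line stops at "if the client", so confirm that condition is kept.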
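Review bot: In the CONNECTION_CLOSE hunk, the removed lines include "It MUST NOT send any other frame type in response, or otherwise behave as if any part of the offending packet was processed as valid", and the only added line visible ends at "smaller than". Confirm the replacement keeps that MUST NOT, reworded for the datagram, because it is the sentence that tells a server not to act on the contents of an undersized Initial.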