Re: [quicwg/base-drafts] Improve KEY_PHASE description (#43)

Martin Thomson <notifications@github.com> Wed, 30 November 2016 01:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Oe8p3Yk-xPLiz1foKclc7zQ-2Yk>

martinthomson commented on this pull request.



> +* A server MUST NOT retransmit any of its TLS handshake messages with 1-RTT
+  keys.  The client needs these messages in order to determine the 1-RTT keys.
+
+A HelloRetryRequest might be used to reject an initial ClientHello.  A
+HelloRetryRequest handshake message and any second ClientHello that is sent in
+response MUST also be sent without packet protection.  This is natural, because
+no new keying material will be available when these messages need to be sent.
+
+Note:
+
+: An alternative way of identifying handshake data that needs to be sent without
+  protection is to collect all handshake data from before TLS provides the first
+  keys (see {{key-ready-events}}).
+
+Retransmissions of these handshake messages MUST be send in unprotected packets
+(with a KEY_PHASE of 0).  Any ACK frames for these messages MUST also be send in
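
Review bot: "MUST be send" should read "MUST be sent" in both sentences of the final paragraph (the retransmission rule and the ACK rule). "These handshake messages" in that paragraph also lacks a clear antecedent after the intervening HelloRetryRequest paragraph and the Note; naming the messages explicitly would make it unambiguous which ones must go in unprotected packets (KEY_PHASE of 0) and how this rule relates to the server-only bullet at the top of the hunk.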

The problem we have is that an ACK might not be readable if it is encrypted.  See #34.

1. If the server ACKs the ClientHello by encrypting it, that's probably OK, it has to do that with 1-RTT keys.  But the client might not have the 1-RTT keys because it needs the entire set of server handshake messages to do that.

2. If the client ACKs the ServerHello (et al.) with 0-RTT keys, then those ACKs are lost if the server rejects 0-RTT.  I guess you could say that this is OK on the basis that we lose ACKs too, but I think that it could force the server into retransmission on a timer (ugh).

3. If the client ACKs the ServerHello (et al.) with 1-RTT keys, then the server should be able to decrypt them perfectly well.  However, the only value gained from this is better feedback on timing; it doesn't help with loss recovery because there was none.
