IETF Logo Mail Archive

Re: [quicwg/base-drafts] Stateless Reset packet sizes should not depend on the maximum connection ID length (#2869)

David Schinazi <notifications@github.com> Sat, 06 July 2019 00:39 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F06F71200DB for <quic-issues@ietfa.amsl.com>; Fri, 5 Jul 2019 17:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F9D1ZqlB20ki for <quic-issues@ietfa.amsl.com>; Fri, 5 Jul 2019 17:39:35 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B6F91200A3 for <quic-issues@ietf.org>; Fri, 5 Jul 2019 17:39:35 -0700 (PDT)
Date: Fri, 05 Jul 2019 17:39:33 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1562373573; bh=p7+xiN8h2785ZpSU71f/+obnWCUX5UDmH6lD22Z2MdM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=XMwrTwCyR0UFDccKXhVOL89GeP3BLKGqqOfYRBqNdVxzS+Ddvc58yTdFqj/pGnYY+ 2zk3iQdF3jSS63eCaDO9eOqvMBdWgtgoiGQoWlRxF46iidHEI9NsgU33u5B2XyQWQk KhiXuguJ9Jqj9QOEefA/eGrYwwicIlydaZfOI7Tk=
From: David Schinazi <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4HMDA47KR36WRUVPV3FUQELEVBNHHBXHYKMI@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2869/508884624@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2869@github.com>
References: <quicwg/base-drafts/issues/2869@github.com>
Subject: Re: [quicwg/base-drafts] Stateless Reset packet sizes should not depend on the maximum connection ID length (#2869)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d1fedc5e013c_70eb3fd089ecd9683684c4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/PWIEfCLNj3iCBCPzxRSBTvRkzzU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 00:39:38 -0000

I agree with this threat model. We really want to avoid NATs reacting to stateless resets the way they react to TCP RSTs today.

However, we've heard from implementors that the majority of QUIC traffic will not use client connection IDs. But there will be an implementation that uses them (either all the time, or at least some of the time, to apply grease to servers to make sure they support them). Let's assume there is a client implementation called CLIENT_18 that always uses 18-byte client CIDs. Do you think someone will go out of their way to implement code that detects CLIENT_18 traffic, and then installs a rule for those connections only where the detection of a server-to-client packet shorter than 39 bytes will drop the NAT mapping? This sounds about as likely as a NAT implementation that drops packets whose connection IDs are prime numbers...

To answer your question on reliability: I think it will be common to have a client establish a connection, send some requests, get the responses, then idle for a few minutes, then after user action, sends another request. Assuming the server uses 8-byte CIDs, this will cause the client to send a packet than can easily be under 39 bytes (assuming a short request). Let's assume the server has restarted during the idle period. It won't recognize the connection ID. If the server decides that this packet is too short to trigger a stateless reset, then the client will timeout causing user-visible delays. For a protocol with such a goal of improving latency, a timeout is a critical failure.

The issue here is that the spec doesn't mandate the client to pad its packets, and allows servers to not respond to short packets. Giving both implementations too much leeway is dangerous here.

It would be in the spirit of the spec to be more prescriptive. We remove the 39-byte requirement, and tell servers that their stateless resets should be of length in the range `[min(39, client_packet_size - 1), max(39, client_packet_size - 1)]`. We then tell clients to pad their packets such that `packet_number_length + payload_length >= 4 + max(0, max_used_client_cid_length - server_cid_length)`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2869#issuecomment-508884624

v2.23.0 | Report a Bug | By Email