Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)

Martin Thomson <notifications@github.com> Thu, 27 September 2018 22:42 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6F8A129C6B for <quic-issues@ietfa.amsl.com>; Thu, 27 Sep 2018 15:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rY71bbo5pSZE for <quic-issues@ietfa.amsl.com>; Thu, 27 Sep 2018 15:42:58 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14572127332 for <quic-issues@ietf.org>; Thu, 27 Sep 2018 15:42:58 -0700 (PDT)
Date: Thu, 27 Sep 2018 15:42:56 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1538088176; bh=xk/FHYbiyZ4QafpAZUayigwMmRdczUJejwPNnqaF/aI=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=qGPnOStVooP76wpJbofBpIgEyMoeOP8Q/WRctuU4Bs3U8sdLV4EuE1UjxWP+r5gnu gSsB8qqWKw34f0olbT3DlHD0H+OcPUyOPi6M9+dxeP8DZg+6GtOIWHf83oDU9cTDOh C047e7utawIS5IES1n+F595lb0Dld5izdzaDrejI=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab1d923329e9041580cb63cf5660b4a042cfbb583792cf0000000117c51ef092a169ce159f31b4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1786/425265494@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1786@github.com>
References: <quicwg/base-drafts/issues/1786@github.com>
Subject: Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bad5cf03ebbd_67a13fc1218d45c45705c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/VG-BidFd8zB85p36YxIXPjd3Ksw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 22:43:00 -0000

> Update Sec 4.1.1 of the TLS draft (@mikkelfj 's find above) to allow quietly dropping the packet when CRYPTO overruns.

Seems reasonable, as a MAY.

> Silently drop packets with CONN_CLOSE if we have received a higher encryption level from the peer.

Mostly OK, but you might have already processed some frames when you hit the CONNECTION_CLOSE.  We'd need to address that.

> When closing the connection, send CONNECTION_CLOSE with the latest keys you have. If you haven't received a packet with those keys yet, also send with the previous keys.

Send with the keys you know that your peer has.  That is, if you have received X, send with X.  You might already be sending with X+1, but it isn't always guaranteed that your peer has X+1.  For instance, the server might be sending Handshake packets, but the client might not have processed all of the Initial yet.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1786#issuecomment-425265494