IETF Logo Mail Archive

Re: [quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)

David Schinazi <notifications@github.com> Fri, 18 January 2019 23:50 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72211130F35 for <quic-issues@ietfa.amsl.com>; Fri, 18 Jan 2019 15:50:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Level:
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qyC_nhfXHQl0 for <quic-issues@ietfa.amsl.com>; Fri, 18 Jan 2019 15:50:05 -0800 (PST)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A817130F17 for <quic-issues@ietf.org>; Fri, 18 Jan 2019 15:50:05 -0800 (PST)
Date: Fri, 18 Jan 2019 15:50:03 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1547855403; bh=mE/YRKsYYD+5HG/p5rv9shkB/iUYbXaXf1Ez2NrYnH4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=hYSEYlwEvkWzBiHyTKfdfEhniFAJ2AehwQFdXuq/EK+FO7DBF66fHqSwbHLidh18g +u8YRyngTB4L/eAFHWZg6j7tdsTIDLtbv4lCv0IhFqeASvTR/XfJs44blA3HpfdN5D r+FkG/R75GMdsnNDAi94dIqp4xEEl1Ugcg3JwbGA=
From: David Schinazi <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abc979f37e44b40709d867a89f2ce1baf4e0e61aaf92cf00000001185a282b92a169ce1784eaec@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2267/455723789@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2267@github.com>
References: <quicwg/base-drafts/issues/2267@github.com>
Subject: Re: [quicwg/base-drafts] loss of only two packets can lead to an unrecoverable situation (#2267)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c42662bd89a0_3b83fca172d45bc454d1"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/W1N7Gwxr9GxvBtLk3Csoqnn_6gU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 23:50:08 -0000

Having thought about this some more, I think that the HANDSHAKE_DONE proposal might be our best way forward.

Knowing when to stop sending ClientFinished/Ack is a variant of the two generals problem, meaning it's actually impossible to know when to stop sending over a lossy network without out-of-band information.

There are two ways to solve this. One is timeouts, similar to what TCP does on graceful connection close. However timeouts aren't great, because they're by definition always too short or too long. In this case, we can do better by using an explicit event that would trigger key discarding. We even have a suitable stream of out-of-band information: our 1-RTT protected packets.

One could consider having the client treat the receipt of any valid 1-RTT packet as confirmation that the ClientFinished was received, but that doesn't work because the server is allowed to send non-sensitive application data before validating the ClientFinished.

Having the server send a retransmittable HANDSHAKE_DONE frame as soon as it receives ClientFinished solves this issue. The server discards its handshake keys when it sends HANDSHAKE_DONE and the client discards them when it receives it.

I personally find this preferable to a short timeout (which can cause an infinite send) and a long timeout (which costs resources).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2267#issuecomment-455723789

v2.29.0 | Report a Bug | By Email | System Status