Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)

martinduke <notifications@github.com> Fri, 28 September 2018 01:08 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85C08130DC0 for <quic-issues@ietfa.amsl.com>; Thu, 27 Sep 2018 18:08:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H5QnMsz6JaXk for <quic-issues@ietfa.amsl.com>; Thu, 27 Sep 2018 18:08:21 -0700 (PDT)
Received: from out-2.smtp.github.com (out-2.smtp.github.com [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15821126F72 for <quic-issues@ietf.org>; Thu, 27 Sep 2018 18:08:21 -0700 (PDT)
Date: Thu, 27 Sep 2018 18:08:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1538096899; bh=3PxKupMYhiBMjYJ1JUxVdqUUo8B7WNnmFPHBQbkFt9g=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=hOYwd3zSZEXBYEuj7r8A3eIm4yteE7vNP/khWKng7xFG7TfaSLEWtqLecDfUBAm5a 977tSV9Nndh4UgzWWvDymDomNBb8hbtVubJMBZGzcMzuMuZW5pmy9S2cUCiyxx3baP R3axhA1GegvpW/rT3vholvJhOWwPwOQbnz9hNUAE=
From: martinduke <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4aba5156435b9fe26d247cb75a3a7c5592b19e5f37592cf0000000117c5410392a169ce159f31b4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1786/425288534@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1786@github.com>
References: <quicwg/base-drafts/issues/1786@github.com>
Subject: Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bad7f03eb784_45523fc9314d45c43113c0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Xo9eVhXRyRKQiS5Hx5IfsA3wb-s>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2018 01:08:23 -0000

What's really motivating this is INITIAL, and HANDSHAKE packets introduce a lot of complications due to the late client FINISHED and relatively early application data.  So let's separate the cases

So, rules for sending CONN_CLOSE:
- if you've received 1-RTT packets, use that, else
- if you've received HANDSHAKE, use that, else
- if you've sent HANDSHAKE but received only INITIAL, send in both in a coalesced packet, else
- send in INITIAL

for receiving
- If it comes in INITIAL, and you have received HANDSHAKE, drop, else*
- accept it.

* I don't think there's a "what else have I processed" problem here. The spoofed packet could contain
(1) an ACK of the Hello message, which is already implicit in the receipt of handshake packets
(2) old crypto data, which triggers an ACK but is otherwise fine - what happens if we ACK an unsent packet? we might want to reverse the decision to ACK, I guess
(3) New crypto data, which we should ignore given we've already moved on to handshake

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1786#issuecomment-425288534