Re: [quicwg/base-drafts] Specify behavior for post-handshake CRYPTO messages (#2524)

Mike Bishop <notifications@github.com> Thu, 18 April 2019 23:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EE6D1201AF for <quic-issues@ietfa.amsl.com>; Thu, 18 Apr 2019 16:02:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67ZdB45AzJXt for <quic-issues@ietfa.amsl.com>; Thu, 18 Apr 2019 16:02:42 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60F33120150 for <quic-issues@ietf.org>; Thu, 18 Apr 2019 16:02:42 -0700 (PDT)
Date: Thu, 18 Apr 2019 16:02:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1555628561; bh=02yJVyQsyD0oqg5G/tNYD7AHxcp7k9jobRx4nWT5DXo=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=nk3QyZLeB91YlKrQafrg5QnVqOV9sfnh92VdrV492geoYY0Zq8gkdh8VwZ6YvjZlw GXSi/hYDfalARHpb5vu2Yt1yrRsZCNBewrxgsY+RUFAhvbXN99VsNIhvF8RYdTbAt0 umSmQ2kHX4T/FJTkjmU9maHibvzhsCmsyJdQ+OPI=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZYRXK4NYDHGEIMIBN2YY2JDEVBNHHBSI2I34@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2524/review/228541205@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2524@github.com>
References: <quicwg/base-drafts/pull/2524@github.com>
Subject: Re: [quicwg/base-drafts] Specify behavior for post-handshake CRYPTO messages (#2524)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cb90211591a8_41883fac44ccd960129717"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/YE-V_-4J0FRHQ662zsaWveOtY-o>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 23:02:44 -0000

MikeBishop commented on this pull request.

Minor nits.

> +potentially force its peer to buffer an unbounded amount of data.
+
+Implementations MUST support buffering at least 4096 bytes of data received out
+of order in CRYPTO frames. Endpoints MAY choose to allow more data to be
+buffered during the handshake. A larger limit during the handshake could allow
+for larger keys or credentials to be exchanged. An endpoint's buffer size does
+not need to remain constant during the life of a connection.
+
+Being unable to buffer CRYPTO frames during the handshake can lead to a
+connection failure. If its buffer is exceeded during the handshake, an endpoint
+can temporarily expand its buffer to complete the handshake. If an endpoint
+cannot expand its buffer, it MUST close the connection with a
+CRYPTO_BUFFER_EXCEEDED error code.
+
+Once the handshake completes, if an endpoint is unable to buffer all data in a
+CRYPTO frame, it MAY discard all subsequent CRYPTO frames, or it MAY close the

"subsequent" here could mean further in the CRYPTO stream, or could mean received later in time.  If the latter, then the currently-buffered crypto data will never be delivered and can also be discarded; we should say so.  In either case, we should be specific about which "subsequent" we mean.

> +## Cryptographic Message Buffering
+
+Implementations need to maintain a buffer of CRYPTO data received out of order.
+Because there is no flow control of CRYPTO frames, an endpoint could
+potentially force its peer to buffer an unbounded amount of data.
+
+Implementations MUST support buffering at least 4096 bytes of data received out
+of order in CRYPTO frames. Endpoints MAY choose to allow more data to be
+buffered during the handshake. A larger limit during the handshake could allow
+for larger keys or credentials to be exchanged. An endpoint's buffer size does
+not need to remain constant during the life of a connection.
+
+Being unable to buffer CRYPTO frames during the handshake can lead to a
+connection failure. If its buffer is exceeded during the handshake, an endpoint
+can temporarily expand its buffer to complete the handshake. If an endpoint
+cannot expand its buffer, it MUST close the connection with a

"cannot" implies ability, when the endpoint might simply not want to.  Perhaps better to say "does not" expand?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2524#pullrequestreview-228541205