[quicwg/base-drafts] Remove amplification throttle if the server receives Initial that echoes its high entropy SCID. (#3834)

ekr <notifications@github.com> Wed, 08 July 2020 00:35 UTC

Suppose you have a large SH, for instance due to PQ crypto, in which
case it will have to span multiple packets. If it exceeds three
packets, then it will not be able to fit into a single flight. Ideally
this would look something like this:

C                                   S
Initial (CH) ----------------------->
<---------------------- Initial (SH1)
<---------------------- Initial (SH2)
<---------------------- Initial (SH3)
Initial (ACK) ---------------------->
<---------------------- Initial (SH4)
<---------------------- Initial (SH5)
<---------------------- Initial (SH6)
<---------------------- Initial (SH7)
<---------------------- Initial (SH8)
<---------------------- Initial (SH9)


However, as I read the text, the server is actually only permitted to
send three packets in response to the ACK. The good news is that
because the client is required to send fully padded packets, you at
least get to send 3600 octets or so per RT, but if the SH is >7K this
is pretty annoying.

I believe that there is a straightforward compatible change that would
allow relaxing this restriction: if the server uses a reasonably long
SCID, then when the client responds with an initial with DCID set to
that SCID (which it is supposed to do anyway by my reading of S 7.2),
then it is implicitly a proof of reachability, and the server could
ignore the amplification limit.
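The accounting described in this issue, as an added example that is not part of the issue or of the quicwg drafts: a toy server-side model with the byte-based 3x limit, plus a flag for the proposed rule that an Initial whose DCID echoes the server's high-entropy SCID counts as proof of reachability and lifts the limit. SCID_LEN, the 1200-byte client padding and the constructed packet sizes are assumptions of the model.

```python
import os
from typing import List, Optional, Tuple
SCID_LEN = 8               # assumption: 8 random bytes counts as "reasonably long"
MIN_INITIAL = 1200         # client Initials must be padded to at least this size
AMPLIFICATION_FACTOR = 3   # unvalidated server may send at most 3x what it received

class ServerAddressState:
    """Per-peer-address anti-amplification accounting on the server side."""
    def __init__(self, lift_on_echo: bool):
        self.scid = os.urandom(SCID_LEN)  # high-entropy SCID the server puts in SH
        self.lift_on_echo = lift_on_echo  # True = the change proposed in the issue
        self.received = 0
        self.sent = 0
        self.validated = False

    def on_initial(self, dcid: bytes, size: int) -> None:
        """Account for a client Initial; an echoed SCID proves reachability."""
        if size < MIN_INITIAL:
            raise ValueError("client Initial must be padded to >= 1200 bytes")
        self.received += size
        if self.lift_on_echo and dcid == self.scid:
            # The client can only know this value from a packet we sent it,
            # so the address it sends from is reachable; stop throttling.
            self.validated = True

    def send_budget(self) -> Optional[int]:
        """Bytes the server may still send now; None means no limit."""
        if self.validated:
            return None
        return AMPLIFICATION_FACTOR * self.received - self.sent

    def send(self, sizes: List[int]) -> int:
        # Send packets in order until the budget runs out; return count sent.
        sent = 0
        for size in sizes:
            budget = self.send_budget()
            if budget is not None and size > budget:
                break
            self.sent += size
            sent += 1
        return sent

def handshake_trace(sh_sizes: List[int], lift_on_echo: bool) -> Tuple[int, int]:
    """Replay the exchange from the issue: CH, server flight, ACK, server flight."""
    s = ServerAddressState(lift_on_echo)
    s.on_initial(dcid=b"\x00" * SCID_LEN, size=MIN_INITIAL)  # CH: constructed client DCID
    first = s.send(sh_sizes)
    s.on_initial(dcid=s.scid, size=MIN_INITIAL)              # ACK: DCID = our SCID
    second = s.send(sh_sizes[first:])
    return first, second
```

With nine 1200-byte SH packets, the current rule yields 3 packets per flight in both rounds, while the proposed rule yields 3 and then the remaining 6, matching the diagram above.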

