[quicwg/base-drafts] Remove amplification throttle if the server receives Initial that echoes its high entropy SCID. (#3834)

ekr <notifications@github.com> Wed, 08 July 2020 00:35 UTC

Suppose you have a large SH, for instance due to PQ crypto, in which
case it will have to span multiple packets. If it exceeds three
packets, then it will not be able to fit into a single flight. Ideally
this would look something like this:

```
C                                   S
Initial (CH) ----------------------->
<---------------------- Initial (SH1)
<---------------------- Initial (SH2)
<---------------------- Initial (SH3)
Initial (ACK) ---------------------->
<---------------------- Initial (SH4)
<---------------------- Initial (SH5)
<---------------------- Initial (SH6)
<---------------------- Initial (SH7)
<---------------------- Initial (SH8)
<---------------------- Initial (SH9)

```

However, as I read the text, the server is actually only permitted to
send three packets in response to the ACK. The good news is that
because the client is required to send fully padded packets, you at
least get to send 3600 octets or so per RT, but if the SH is >7K this
is pretty annoying.

I believe that there is a straightforward compatible change that would
allow relaxing this restriction: if the server uses a reasonably long
SCID, then when the client responds with an Initial with DCID set to
that SCID (which it is supposed to do anyway by my reading of S 7.2),
then it is implicitly a proof of reachability, and the server could
ignore the amplification limit.


https://github.com/quicwg/base-drafts/issues/3834
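
The send-budget arithmetic behind the message above, as an added example that is not part of the original issue or of any QUIC implementation: it models the server's 3x anti-amplification budget per unvalidated address and the proposed rule that an Initial echoing a long random SCID lifts it. Assumptions: 1200-byte padded client Initials (3 x 1200 is the 3600 octets the message cites), a hypothetical `MIN_SCID_LEN` of 8 bytes for "reasonably long", and no congestion control or header overhead.

```python
import hmac
import os

PADDED_INITIAL = 1200     # assumed size of a fully padded client Initial
AMPLIFICATION_FACTOR = 3  # 3 x 1200 = the "3600 octets or so per RT"
MIN_SCID_LEN = 8          # hypothetical threshold for a "reasonably long" SCID


class ServerPath:
    """Server-side send budget for one unvalidated client address."""

    def __init__(self, scid: bytes, relax_on_scid_echo: bool):
        self.scid = scid
        self.relax = relax_on_scid_echo
        self.received = 0
        self.sent = 0
        self.validated = False

    def on_initial(self, dcid: bytes, size: int) -> None:
        self.received += size
        # Proposed rule: a long, unpredictable SCID echoed back as DCID shows
        # the sender saw the server's packets, so it is reachable at this address.
        if (self.relax and len(self.scid) >= MIN_SCID_LEN
                and hmac.compare_digest(dcid, self.scid)):
            self.validated = True

    def send(self, want: int) -> int:
        budget = AMPLIFICATION_FACTOR * self.received - self.sent
        n = want if self.validated else min(want, budget)
        self.sent += n
        return n


def flights_to_deliver(sh_bytes: int, relax: bool, scid_len: int = 8) -> list:
    """Return the bytes sent in each server flight until sh_bytes are out."""
    scid = os.urandom(scid_len)
    path = ServerPath(scid, relax)
    # The first client Initial carries a client-chosen DCID, not the server's SCID.
    path.on_initial(os.urandom(8), PADDED_INITIAL)
    flights, remaining = [], sh_bytes
    while remaining > 0:
        n = path.send(remaining)
        flights.append(n)
        remaining -= n
        # The client ACKs in a padded Initial addressed to the server's SCID.
        path.on_initial(scid, PADDED_INITIAL)
    return flights
```

For the nine-packet SH in the diagram (10800 bytes), the strict limit takes three flights of 3600 bytes, while the relaxed rule sends the remaining 7200 bytes in the second flight; a zero-length SCID never qualifies, so the throttle stays in place.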