Re: [quicwg/base-drafts] Required state for retaining unacked RETIRE_CONNECTION_ID frames is unbound (#3509)

ianswett <> Wed, 01 April 2020 13:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6E3FB3A0F2D for <>; Wed, 1 Apr 2020 06:36:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1Grpwh9wKDAR for <>; Wed, 1 Apr 2020 06:36:39 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3B1E53A0F6C for <>; Wed, 1 Apr 2020 06:36:38 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 56CAC2C2273 for <>; Wed, 1 Apr 2020 06:36:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1585748197; bh=fCarW5kbIFypoDYIALeRjctsitcxjL0Q8EiGUitPYyQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=fhhHOpckLdJa74r1Rm2Hgv6HUlPoCVNcdZLyHSeQwTftMwPA8jEXOA9d/BKK7oDSL 86zcs2Ee8mY67AtMWiOqtFqEEGBg3iYm1Be5wnA0L+oolt9OywT0uYtO+uU6IS8gd5 voDMJwE5yRqW2u6ALJpWJp2dHu7MVJNOi27XNNGc=
Date: Wed, 01 Apr 2020 06:36:37 -0700
From: ianswett <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3509/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Required state for retaining unacked RETIRE_CONNECTION_ID frames is unbound (#3509)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e8498e548adf_32c13f971accd968779a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 01 Apr 2020 13:36:51 -0000

@kazuho I don't think not sending RCID frames is that easy.  Tracking something that needs to be sent consumes comparable state to tracking it in flight.  Or are you suggesting a different algorithm that indicates a RCID frame doesn't need to be sent?

If the peer has to wait for one Retire Prior To to take effect before it's increased again, that leaves only the peer migrating really quickly and lost ACKs as the unbounded case. As @kazuho said, I think it's more likely a well-behaved peer would run out of CIDs in this case than any other failure mode.  I previously suggested stopping sending out NCID frames when the RCID frame limit had been reached to force the issue, but that just changes who has to close the connection.

FWIW, we already have sanity checks where our implementation closes the connection when a datastructure becomes too large.  The limits are high enough that they're almost never hit unless there is a bug, but they've been helpful in finding bugs.  I would advocate everyone have these.  @marten-seemann You'll never get to 0 transport errors.  Some implementations will have a bug, and some peers or servers will have faulty or corrupted memory.  For example, in Google QUIC we found we received the ClientHello on a stream besides 1 surprisingly often.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: