Re: [quicwg/base-drafts] Allow CONNECTION_CLOSE in 0-RTT (#3440)

Kazuho Oku <> Wed, 04 March 2020 00:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C3C003A08B2 for <>; Tue, 3 Mar 2020 16:02:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.089
X-Spam-Status: No, score=-8.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rpk5PbS-RpDi for <>; Tue, 3 Mar 2020 16:02:19 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AD8C13A08AE for <>; Tue, 3 Mar 2020 16:02:18 -0800 (PST)
Date: Tue, 03 Mar 2020 16:02:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1583280137; bh=BgdX4JAKRYqf1vvWxTmVN9XLAoR5ctgw54J3y+OrjNM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=pdp/ZEs6/FNPLjGZNhF2Fu3GwNcwoyyYY9R11+/Ronk1gBA+HVokPjQH1jOJDBoud HDhRT6+tWfOaYI+nUpj/+dcaYIZkhLbiBUbvVhX+8AxSodjQauLOcHh/JjkjT/v6Tr 4QyxSa+hsms3R00LoW2/rvz9mJqscB2GumApZGvA=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3440/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Allow CONNECTION_CLOSE in 0-RTT (#3440)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e5ef0099af41_1fc33fea0d4cd95c427fc"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 Mar 2020 00:02:24 -0000

kazuho commented on this pull request.

LGTM modulo the points below.

-- CRYPTO frames and CONNECTION_CLOSE frames signaling errors at the QUIC layer
-  (type 0x1c) MAY appear in packets of any encryption level except 0-RTT.
+- CONNECTION_CLOSE frames signaling errors at the QUIC layer (type 0x1c) MAY
+  appear in any packet number space. CONNECTION_CLOSE frames signaling
+  application errors (type 0x1d) MAY appear in every packet number space other
+  than Initial.

I think we should forbid CONNECTION_CLOSE (0x1d) from being used in Handshake packets. It is the responsibility of an encrypted transport encrypted *and authenticated* channel to the application. Handshake packets do not provide that.

Consider the case of a pot protocol that returns a boolean indicating if it is a coffee pot or a tea pot. Such an application protocol can use application close to indicate that boolean. But can a coffee pot send that boolean in a Handshake packet? Definitely not! Because somebody from Britain might spoof a Handshake packet that tells the client that it is in fact a tea pot.

> +  the client has Handshake keys.  Under these circumstances, a server SHOULD
+  send a CONNECTION_CLOSE frame in both Handshake and Initial packets to ensure
+  that at least one of them is processable by the client.
+* A client that sends CONNECTION_CLOSE in a 0-RTT packet cannot be assured of
+  the server has accepted 0-RTT and so sending a CONNECTION_CLOSE frame in an
+  Initial packet makes it more likely that the server can receive the close
+  signal, even if the application error code might not be received.
+* Prior to confirming the handshake, a peer might be unable to process 1-RTT
+  packets, so an endpoint SHOULD send CONNECTION_CLOSE in both Handshake and
+  1-RTT packets.  A server SHOULD also send CONNECTION_CLOSE in an Initial
+  packet.
+An CONNECTION_CLOSE of type 0x1d MUST be replaced by a CONNECTION_CLOSE of type
+0x1c when sending the frame in Initial packets. Otherwise, information about

"Initial or Handshake packets" due to the reason stated above.

-: A CONNECTION_CLOSE frame of type 0x1c can appear in Initial, Handshake, and
-1-RTT packets, whereas a CONNECTION_CLOSE of type 0x1d can only appear in a
-1-RTT packet.
+: A CONNECTION_CLOSE frame of type 0x1d cannot appear in Initial packets.

Initial or Handshake

> @@ -5680,10 +5693,10 @@ Reason Phrase:
   This SHOULD be a UTF-8 encoded string {{!RFC3629}}.
 The application-specific variant of CONNECTION_CLOSE (type 0x1d) can only be
-sent using an 1-RTT packet ({{QUIC-TLS}}, Section 4).  When an application
-wishes to abandon a connection during the handshake, an endpoint can send a
-CONNECTION_CLOSE frame (type 0x1c) with an error code of 0x15a ("user_canceled"
-alert; see {{?TLS13}}) in an Initial or a Handshake packet.
+sent using 0-RTT or 1-RTT packets ({{QUIC-TLS}}, Section 4).  When an

Good to know that the sentence here forbids CONNECTION_CLOSE (0x1d) being used in Handshake packets. Maybe it's the case that we changed here, but not the other places (that I have pointed out).

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: