Re: [quicwg/base-drafts] Allow CONNECTION_CLOSE in 0-RTT (#3440)

[Kazuho Oku <notifications@github.com>]

kazuho commented on this pull request.

LGTM modulo the points below.

>  
-- CRYPTO frames and CONNECTION_CLOSE frames signaling errors at the QUIC layer
-  (type 0x1c) MAY appear in packets of any encryption level except 0-RTT.
+- CONNECTION_CLOSE frames signaling errors at the QUIC layer (type 0x1c) MAY
+  appear in any packet number space. CONNECTION_CLOSE frames signaling
+  application errors (type 0x1d) MAY appear in every packet number space other
+  than Initial.

I think we should forbid CONNECTION_CLOSE (0x1d) from being used in Handshake packets. It is the responsibility of an encrypted transport encrypted *and authenticated* channel to the application. Handshake packets do not provide that.

Consider the case of a pot protocol that returns a boolean indicating if it is a coffee pot or a tea pot. Such an application protocol can use application close to indicate that boolean. But can a coffee pot send that boolean in a Handshake packet? Definitely not! Because somebody from Britain might spoof a Handshake packet that tells the client that it is in fact a tea pot.

> +  the client has Handshake keys.  Under these circumstances, a server SHOULD
+  send a CONNECTION_CLOSE frame in both Handshake and Initial packets to ensure
+  that at least one of them is processable by the client.
+
+* A client that sends CONNECTION_CLOSE in a 0-RTT packet cannot be assured of
+  the server has accepted 0-RTT and so sending a CONNECTION_CLOSE frame in an
+  Initial packet makes it more likely that the server can receive the close
+  signal, even if the application error code might not be received.
+
+* Prior to confirming the handshake, a peer might be unable to process 1-RTT
+  packets, so an endpoint SHOULD send CONNECTION_CLOSE in both Handshake and
+  1-RTT packets.  A server SHOULD also send CONNECTION_CLOSE in an Initial
+  packet.
+
+An CONNECTION_CLOSE of type 0x1d MUST be replaced by a CONNECTION_CLOSE of type
+0x1c when sending the frame in Initial packets. Otherwise, information about

"Initial or Handshake packets" due to the reason stated above.

>  
-: A CONNECTION_CLOSE frame of type 0x1c can appear in Initial, Handshake, and
-1-RTT packets, whereas a CONNECTION_CLOSE of type 0x1d can only appear in a
-1-RTT packet.
+: A CONNECTION_CLOSE frame of type 0x1d cannot appear in Initial packets.

Initial or Handshake

> @@ -5680,10 +5693,10 @@ Reason Phrase:
   This SHOULD be a UTF-8 encoded string {{!RFC3629}}.
 
 The application-specific variant of CONNECTION_CLOSE (type 0x1d) can only be
-sent using an 1-RTT packet ({{QUIC-TLS}}, Section 4).  When an application
-wishes to abandon a connection during the handshake, an endpoint can send a
-CONNECTION_CLOSE frame (type 0x1c) with an error code of 0x15a ("user_canceled"
-alert; see {{?TLS13}}) in an Initial or a Handshake packet.
+sent using 0-RTT or 1-RTT packets ({{QUIC-TLS}}, Section 4).  When an

Good to know that the sentence here forbids CONNECTION_CLOSE (0x1d) being used in Handshake packets. Maybe it's the case that we changed here, but not the other places (that I have pointed out).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3440#pullrequestreview-368410473