IETF Logo Mail Archive

Re: [quicwg/base-drafts] Bundle new client connection ID and path challenge in migration probes (#1730)

Martin Thomson <notifications@github.com> Mon, 10 September 2018 00:47 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0FA130E11 for <quic-issues@ietfa.amsl.com>; Sun, 9 Sep 2018 17:47:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLhjEE6M5UI7 for <quic-issues@ietfa.amsl.com>; Sun, 9 Sep 2018 17:47:30 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3471130DCF for <quic-issues@ietf.org>; Sun, 9 Sep 2018 17:47:30 -0700 (PDT)
Date: Sun, 09 Sep 2018 17:47:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1536540450; bh=QwLBk9DPOr2OMtQE9PTreXj0f8UF66osbnssc8WNszw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=UnySQIlmE0ylvsWwQXhHcwLxdNl0HTmBkoDIySzlwqxw58FjfeSQxsyDhlOpV510u il/3026ci6IRL9k4rKI/q4Ev+SOzKHXckgarHWBXIDUaUNEqdyibhThNMqYWVpIcL2 uP73oTmI0DBx0vYhTJi8J0vS+aiBe1jFtXkNcs/I=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab7f270c52f0b4945d19b47ba3cb9e15a4b458c4b092cf0000000117ad812292a169ce155cc367@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1730/review/153601031@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1730@github.com>
References: <quicwg/base-drafts/pull/1730@github.com>
Subject: Re: [quicwg/base-drafts] Bundle new client connection ID and path challenge in migration probes (#1730)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b95bf22175a5_3cd3f8b1b2d45c015310"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/iNO5MQ10JXS08DCcfCuCBaDgEFA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Sep 2018 00:47:40 -0000

martinthomson requested changes on this pull request.

I think that the idea is good, but the first addition needs some tweaking.

> @@ -2074,6 +2074,9 @@ path validation with other frames.  For instance, an endpoint may pad a packet
 carrying a PATH_CHALLENGE for PMTU discovery, or an endpoint may bundle a
 PATH_RESPONSE with its own PATH_CHALLENGE.
 
+When probing a new path, an endpoint may want to ensure that the response, if
+any, is sent to a specific connection ID. The endpoint achieves that by bundling
+NEW_CONNECTION_ID and PATH_CHALLENGE frames, in that order.

This implies that order is significant.  It also implies that bundling the two means that this specific connection ID will be used.  We've tried really hard to avoid special inter-frame dependencies like this.  PATH_CHALLENGE is special in the sense that the path it follows is relevant to its processing (which is a necessary evil), but this implies much more than that.  I think that rewording this to suggest that providing NEW_CONNECTION_ID ahead of PATH_CHALLENGE is useful (even necessary if the peer has run out, as they might have) and that having them in the same packet means that the NEW_CONNECTION_ID is guaranteed to be available.  Anything more than might give the wrong impression.

> @@ -2187,7 +2190,10 @@ usable for this connection.  Failure to validate a path does not cause the
 connection to end unless there are no valid alternative paths available.
 
 An endpoint uses a new connection ID for probes sent from a new local address,
-see {{migration-linkability}} for further discussion.
+see {{migration-linkability}} for further discussion. An endpoint that uses
+a new local address should include a NEW_CONNECTION_ID frame in the probe,

"SHOULD"? I don't think that we need to be this suggestive here, other than to note that lack of connection IDs will make probing - and responding to probes - impossible.

> @@ -2359,6 +2365,11 @@ genuine migrations.  Changing port number can cause a peer to reset its
 congestion state (see {{migration-cc}}), so the port SHOULD only be changed
 infrequently.
 
+Endpoints could also have their activity correlated if their peers keep using
+the same destination connection id after migration. Nodes that initiate a

s/id/ID

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1730#pullrequestreview-153601031

v2.23.0 | Report a Bug | By Email