IETF Logo Mail Archive

Re: [quicwg/base-drafts] Rework Key Update (#2237)

Kazuho Oku <notifications@github.com> Wed, 13 February 2019 03:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E47F11277D2 for <quic-issues@ietfa.amsl.com>; Tue, 12 Feb 2019 19:02:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KD78ThmwC7Xf for <quic-issues@ietfa.amsl.com>; Tue, 12 Feb 2019 19:02:18 -0800 (PST)
Received: from out-2.smtp.github.com (out-2.smtp.github.com [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B6861295D8 for <quic-issues@ietf.org>; Tue, 12 Feb 2019 19:02:18 -0800 (PST)
Date: Tue, 12 Feb 2019 19:02:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1550026937; bh=tq7ECPOjXpESFZkz/ntclt4BufxFpH0xY2lRz1Hkay4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=fWlGqkHjTT81Pck8l5AnMhis56cl2GQmFkHFS41PviionQEtn4nm0NTYSfXxhCjXI lK301g3CE2rNca0PnVz+BO0IIml/KMgbewnN497wClvpkTXHYHgIxxOj0o4tfFhcKS E2VZjqK7/07S65/mbhpW95Lgys28bFBeCCge5jkU=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab7b53e669e0b7e7b6708e95d06426cba5431b544692cf00000001187b4ab992a169ce1770e975@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2237/review/203011306@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2237@github.com>
References: <quicwg/base-drafts/pull/2237@github.com>
Subject: Re: [quicwg/base-drafts] Rework Key Update (#2237)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c6388b9390c9_16073f8bc1ad45bc8053"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/njEGiyQwstGczyRYmCoN6Fe4P64>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 03:02:20 -0000

kazuho commented on this pull request.



> @@ -5012,6 +5020,44 @@ Reason Phrase:
   This SHOULD be a UTF-8 encoded string {{!RFC3629}}.
 
 
+## KEYS_READY Frame {#frame-keys-ready}
+
+An endpoint sends a KEYS_READY frame (type=0x1e) to signal that it has installed
+keys for reading and writing packets.  Receipt of this frame in a packet
+indicates that all earlier keys can be safely discarded.

At least for dropping the Initial and Handshake keys, I had assumed that we would be sending the frame after all the transmissions have been acknowledged rather than when the new keys become available.

The concern of _not_ waiting for ACKs is that packets would be deemed lost, having negative effect on the congestion control. For example, the proposed design suggests the server to drop Handshake keys when it receives ClientFinished, without sending an ACK for the packet that carried ClientFinished.

Are we fine with that?

The other issue regarding the text is that it does not state that the signal is unilateral. My understanding is that an endpoint is expected to drop the keys when _both_ of the following conditions are met: 1) the endpoint has received the _done_ frame, 2) the endpoint is fine with dropping the keys. The text seems to not capture the second condition.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2237#pullrequestreview-203011306

v2.23.0 | Report a Bug | By Email