Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)

Kazuho Oku <notifications@github.com> Tue, 14 August 2018 01:23 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACEA1131137 for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 18:23:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Lq6Nu7Zu64J for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 18:23:50 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6520B13111C for <quic-issues@ietf.org>; Mon, 13 Aug 2018 18:23:50 -0700 (PDT)
Date: Mon, 13 Aug 2018 18:23:49 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1534209829; bh=HkIk9bmqibhhbtvD6EqsG/dxDQw7HIBkXE87t2Q5hFE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HolGtcBOhKanxVv4bZGuEsR32yz87xe+SaF1XtDORQmvYvmZ9fbRKjLuSD1p1Mmcu hwOpzhp3hThJlJ3xn+Bt5NdlKFJroLbz4SrMM+bfmE6Ma74u7PK+d1VdvTXexQexsW B5wc0d/QSGEWLfvCz/WdPgRW/DsOpldEumA4r3gk=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab5c4eb412acf15929dce921ed2858e58b6bb56fe292cf000000011789f12592a169ce14db09b1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1654/review/145890545@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1654@github.com>
References: <quicwg/base-drafts/pull/1654@github.com>
Subject: Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b722f25ab205_4e993ff51cad45c0109733"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/o1gPW0kWkdcgf_KFWvTeXZiJafo>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2018 01:23:59 -0000

kazuho commented on this pull request.



> -CRYPTO frame in Handshake encryption) may send STREAM data (in 1-RTT
-encryption). However, if the Finished is lost, the client would have to
-retransmit the Finished, in which case it would use Handshake encryption.
-
+Although TLS only uses one encryption level at a time, QUIC may use more than
+one level. For instance, after sending its Finished message (using a CRYPTO
+frame at the Handshake encryption level) an endpoint can send STREAM data (in
+1-RTT encryption). If the Finished message is lost, the endpoint uses the
+Handshake encryption level to retransmit the lost message.
+
+In particular, server implementations need to be able to read packets at the
+Handshake encryption level before the final TLS handshake message at the 0-RTT
+encryption level (EndOfEarlyData) is available.  Though the content of CRYPTO
+frames at the Handshake encryption level cannot be forwarded to TLS before
+EndOfEarlyData is processed, the client could send ACK frames that the server
+needs to process in order to detect lost Handshake packets.
 

@huitema 
> In fact, just ordering them is not sufficient, because the QUIC implementation does not actually know how long a particular crypto stream is. There is no end mark. So how does it logically deduce that level N is now done, and that it is OK to proceed with N+1?

IIUC our assumption is that the TLS stack will somehow notify the QUIC stack what the current read epoch is, and that the QUIC stack will only supply the contents of CRYPTO frames received in that epoch.

In my view, the following sentence in the PR implies that.

_Though the content of CRYPTO frames at the Handshake encryption level cannot be forwarded to TLS before EndOfEarlyData is processed, the client could send ACK frames that the server needs to process in order to detect lost Handshake packets._

Or is it the case that you are uncomfortable with the text dealing with how to handle TLS messages?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1654#discussion_r209805903