IETF Logo Mail Archive

Re: [quicwg/base-drafts] describe how 0-RTT is accepted and rejected (#2841)

Kazuho Oku <notifications@github.com> Wed, 26 June 2019 02:00 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBDB512011E for <quic-issues@ietfa.amsl.com>; Tue, 25 Jun 2019 19:00:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ms6B1cCRj9tI for <quic-issues@ietfa.amsl.com>; Tue, 25 Jun 2019 19:00:12 -0700 (PDT)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99A19120024 for <quic-issues@ietf.org>; Tue, 25 Jun 2019 19:00:11 -0700 (PDT)
Date: Tue, 25 Jun 2019 19:00:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1561514410; bh=VHNkzPK7JDHgWsR0jDIG3pfXllEwQAxx0RnG19qGEdI=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=dm9r/7zlYKqhs205lLwOOHu2/zQhsjGuNRFAnUTp9rs+TWhq0XjrtPcRyFyywwTlB dDbnn9NS1wzG1nqBmCtP4D/JH5n6SJ69Nk4MlKz2t+6KOrf3Rt29+qVvdhDg+c9liX Hu+nf4ZTXiXfvehUxcigruy7/yL3K6mNtPTynBkk=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK5C7BFEN5Q6MPFIKAF3EACCTEVBNHHBW3JQOA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2841/review/254349725@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2841@github.com>
References: <quicwg/base-drafts/pull/2841@github.com>
Subject: Re: [quicwg/base-drafts] describe how 0-RTT is accepted and rejected (#2841)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d12d1a9e7419_78c33fd437ecd95c980f4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/pafMl-2SktwZoFnOQY6eIsX8xlY>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 02:00:14 -0000

kazuho commented on this pull request.



>  
-A server rejects 0-RTT by rejecting 0-RTT at the TLS layer.  This also prevents
-QUIC from sending 0-RTT data. A server will always reject 0-RTT if it sends a
-TLS HelloRetryRequest.
+A server rejects 0-RTT by sending a ServerHello without the EarlyDataIndication.
+A server will always reject 0-RTT if it sends a TLS HelloRetryRequest.  When
+rejecting 0-RTT, a server MUST NOT process any 0-RTT packets, even if it is in
+possesion of the keys to do so.  When 0-RTT was rejected, a client MUST treat
+receipt of an acknowledgement for a 0-RTT packet as a connection error of type

@marten-seemann Contrary to what you state, the spec is clear about skipping PN 0 (or any packet number in a packet number space) is a permitted behavior. Quoting from [section 21.3](https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#rfc.section.21.3), _an endpoint MAY skip packet numbers when sending packets to detect this behavior._

Using unified packet number space on the send side is precisely an act of "skipping packet numbers when sending packets," skipping those that have been used in another packet number space.

>> IIRC, the sub-clause "if it is able to detect the condition" was added intentionally to the general rule, because people were concerned about the text being interpreted as to recommend having a way to detect such errors.
> I think we added this text because for 1-RTT packets, you clear out old ACK ranges from time to time. When receiving an ACK for a very old packet you'd then not be able to check if you actually sent this packet, because you already removed the tracking state.

I'm not sure if I agree with the assumption, but granted that it is true, I think it would be an argument _for_ having the same sub-clause for 0-RTT packets as well. ACK ranges are cleared out from time to time. Then, why do we need to handle ranges for 0-RTT packets specially, only when the server rejects 0-RTT?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2841#discussion_r297458292

v2.37.1 | Report a Bug | By Email | System Status