Re: [quicwg/base-drafts] Desirable behavior when it takes time to derive the traffic keys for the next PN space (#3821)
ianswett <notifications@github.com> Sun, 02 August 2020 21:07 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88DF53A0C3E for <quic-issues@ietfa.amsl.com>; Sun, 2 Aug 2020 14:07:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.799
X-Spam-Level: ***
X-Spam-Status: No, score=3.799 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lm_Ro8M2gHf1 for <quic-issues@ietfa.amsl.com>; Sun, 2 Aug 2020 14:07:56 -0700 (PDT)
Received: from out-25.smtp.github.com (out-25.smtp.github.com [192.30.252.208]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D05D3A0C3D for <quic-issues@ietf.org>; Sun, 2 Aug 2020 14:07:56 -0700 (PDT)
Received: from github-lowworker-292e294.va3-iad.github.net (github-lowworker-292e294.va3-iad.github.net [10.48.102.70]) by smtp.github.com (Postfix) with ESMTP id 5D6978400AB for <quic-issues@ietf.org>; Sun, 2 Aug 2020 14:07:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1596402475; bh=7dlTFzUdevuYNQL6O8tpW5SAEMYn5DvOjpLtFLYs4M4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=eRW5cMHtwXZovkOXkYSlYkU47JRCNbgU5ShKxgjLOWNyjLmO9rSIqtAnvQPdaLL/D CzGlxtMElzyb4ezPzN7BVxg+AXeTQf17R5KAMbYVzMTSnt/uh9+lXCOLWzsr39M3vP 5LthZga00OVQPQVbZ9wIEZWwDzz5OKCd7lxx+jT8=
Date: Sun, 02 Aug 2020 14:07:55 -0700
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2FI2GAHC3J6V24YMN5GMGCXEVBNHHCNTMDWA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3821/667724809@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3821@github.com>
References: <quicwg/base-drafts/issues/3821@github.com>
Subject: Re: [quicwg/base-drafts] Desirable behavior when it takes time to derive the traffic keys for the next PN space (#3821)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f272b2b4d10a_375016f84212de"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/qndTCxFga8ROLlz4abgjuJpeZ8o>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Aug 2020 21:07:59 -0000
> > I'm unclear about why moving from handshake complete to confirmed is an improvement, given the example you cite seems to imply the server is retransmitting unnecessary data due to client delays, and for the server complete and confirmed happen at almost identical times. > > I think it is because the client cannot make an assumption on how long it would take for the server to verify the client's TLS handshake messages being sent using Handshake packets. Important thing to note here is that it could not just be Finished. It might include client certificates. Theoretically, client's handshake transcript might be too large so that it requires multiple round-trips to be sent. Specifically, is the concern is that the client will have it's Handshake data acknowledged and will spuriously PTO 1-RTT packets a few times over while waiting for the server to make 1-RTT receive keys available? Is this a problem that's been observed? It seems like it would in practice require client certs, since verifying only a CFIN should be very fast. Making the change to wait for handshake confirmed to PTO 1-RTT data doesn't seem harmful given the existence of HANDSHAKE_DONE, but I'm also not sure it's going to matter much in practice. It also adds an exception to the current rule that PTO is armed when the client isn't sure the server has completed address validation or there are bytes in flight. If the Handshake data has been acknowledged, but the 1-RTT data hasn't, you'd have bytes in flight but not arm the PTO if I understand correctly. Given there's still a SHOULD about sending packets from multiple PN spaces on PTO, including Handshake + 1RTT, I think this change will perform well, but I do have apprehension about seemingly small but subtle changes like this late in the process. > > Regarding ack_delay, I might not sure if I fully follow. But I think I agree that it would become reasonable for an endpoint to send a Handshake Ack with a non-zero ack-delay, if it buffered the handshake packet that was undecryptable at the moment that packet was received, and later processed it. It is a natural outcome of us changing the definition of ack-delay to the sum of undecryptable buffering delay and acknowledgement delay. > > As Initial packets would always be decryptable, I think "SHOULD set ack delay to 0" rule can remain for Initial packets. Agreed, the potential for delay is only for the first Handshake and 1-RTT ACKs. **My summary:** The issue is that ACKs for Handshake and 1-RTT packets could be delayed because the peer doesn't have the keys(either because it takes time to derive them, or it's missing crypto data to derive the next key). This creates two potential issues(neither of which effects correctness, but could be suboptimal): 1. Packets may be acknowledged later than expected, causing the peer to spuriously PTO. 2. The first RTT sample in Handshake and 1-RTT packet spaces could have substantial delay in excess of the 'no ack delay' in Handshake or max_ack_delay for 1-RTT, which inflates SRTT and RTTVar. Changing when to arm PTO for 1-RTT data mitigates one case of the 1st issue(the server being slow to make 1-RTT receive keys available), but I don't believe it helps otherwise with the issue, such as delays in generating Handshake keys. Are there any other design changes(besides complete->confirmed) being considered or suggested for the first issue that I'm missing? If there's no loss, the second issue fixes itself without harm, which is nice. And it's not as bad for ApplicationData, since that will have a non-0 max_ack_delay, which may be enough to absorb the endpoint delay generating keys or doing cert verification, though it won't typically be enough to adjust for a packet being lost and the data being PTO'd and then that making keys available. I think Jana's suggestion ack_delay to including the time packets were buffered is sensible, and ignoring max_ack_delay for the first sample in a PN space seems relatively safe given at least one prior sample. But what if there are no Initial ACKs received and ACK with the large ack_delay is the first ACK of the connection? I guess you're stuck with one bad sample and hope the next is better? The one change we've found mitigates this issue entirely is coalescing packets from the next PN space(Handshake or 1RTT) and then processing the full coalesced packet before processing all buffered packets and sending an ACK. That ensures there's one new packet being acknowledged and you get a non-delayed RTT sample. It doesn't seem onerous to add a "SHOULD process all packets in the current datagram and all buffered packets before sending an ACK to avoid generating multiple inflated RTT samples" to me? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3821#issuecomment-667724809
- [quicwg/base-drafts] Desirable behavior when it t… Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Martin Thomson
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Martin Thomson
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Martin Thomson
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … Kazuho Oku
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … ianswett
- Re: [quicwg/base-drafts] Desirable behavior when … Martin Thomson
- Re: [quicwg/base-drafts] Desirable behavior when … Jana Iyengar