Re: [quicwg/base-drafts] Desirable behavior when it takes time to derive the traffic keys for the next PN space (#3821)

Martin Thomson <notifications@github.com> Wed, 15 July 2020 07:34 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E53C13A0872 for <quic-issues@ietfa.amsl.com>; Wed, 15 Jul 2020 00:34:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.1
X-Spam-Level:
X-Spam-Status: No, score=-3.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sb5_rqv6vcNS for <quic-issues@ietfa.amsl.com>; Wed, 15 Jul 2020 00:34:28 -0700 (PDT)
Received: from out-17.smtp.github.com (out-17.smtp.github.com [192.30.252.200]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C79FF3A086A for <quic-issues@ietf.org>; Wed, 15 Jul 2020 00:34:28 -0700 (PDT)
Received: from github-lowworker-b2150d3.ash1-iad.github.net (github-lowworker-b2150d3.ash1-iad.github.net [10.56.113.12]) by smtp.github.com (Postfix) with ESMTP id 002236E11C8 for <quic-issues@ietf.org>; Wed, 15 Jul 2020 00:34:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1594798467; bh=0lh4cSl9l0rUyqwDPhuKP74jEY8UMid9T8oOcn8IzhE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=snWrs800epF8sEGvmiuSM1BeDWSSlMv4Tp9GJCBWr+RhB5VrltQL2CfqPXlbS69I9 DZn5U7qZmlqoiSx2OljaGY5TuI8lsUKhfupHJTSenBbLBp3/j0kdauvKez7u4xO9Xv bCJwmA9tNzgEz9sRWUzN1LXWDWNS1eG1Vnh7jJ8o=
Date: Wed, 15 Jul 2020 00:34:27 -0700
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4XZMBML5H52NTVE7N5DKJIHEVBNHHCNTMDWA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3821/658599289@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3821@github.com>
References: <quicwg/base-drafts/issues/3821@github.com>
Subject: Re: [quicwg/base-drafts] Desirable behavior when it takes time to derive the traffic keys for the next PN space (#3821)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f0eb183e4b05_aa23f91350cd9641126cc"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/znjhG49jtUod74nAlbjpPR2fvaM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2020 07:34:31 -0000

FWIW, I was *really* concerned about that last change.  Aside from it making this a non-editorial change, the way that we avoid handshake deadlock depends very much on HANDSHAKE_DONE being followed by probes.  But as the server confirms and completes the handshake at the same time, I've convinced myself that this is OK.  

(That this is what our stack did, largely by accident, is vindication of sorts...)

I would encourage people to sit down and run the analysis on that change to convince themselves that this is not reintroducing the handshake deadlock.

The other part of the proposed solution needs to be slightly different.  @janaiyengar proposes that we ignore `max_ack_delay` prior to confirming the handshake.  I think that's good, but it is not completely correct, and nor would it be sufficient.

We need to ignore `max_ack_delay` for acknowledgements of packets that were sent prior to handshake confirmation.  Those are the ones that might have been buffered until keys were ready.

In order for that to work, we have two new requirements on packet processing for buffered packets:

1. endpoints MUST process and acknowledge (or discard) any packets that they might have buffered during the handshake within `max_ack_delay` of completing the handshake

2. endpoints MUST report an ACK Delay that is based on when a packet is received, not when it was processed

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3821#issuecomment-658599289