Re: KEYS_READY
David Schinazi <dschinazi.ietf@gmail.com> Fri, 15 February 2019 00:18 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57A9B12F1A6 for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 16:18:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2hcfkt0ikM9Q for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 16:17:59 -0800 (PST)
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51AE5128B36 for <quic@ietf.org>; Thu, 14 Feb 2019 16:17:59 -0800 (PST)
Received: by mail-pl1-x630.google.com with SMTP id k15so4017226pls.8 for <quic@ietf.org>; Thu, 14 Feb 2019 16:17:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PF0vUBIxeDU0gnKhOGTbi8r0sdu5sCYRhQpCG4RESDw=; b=O5xIdRz/f8h4I2etDHzkg4Fa7UOwCpGZuufEHpaLWd0Kdek555xfGqoy/4liK/wja3 Wf9owMUdUqmsSxSFyb56sCl6ahDlV0rEQEgv4hhlGNs/olnZruAbD68KNKw91h9Zozzi xhm2UaXyxlmm8/V/u+A8h/xGvzQJ70cjiR4CoiraEMUck2WJ+zId50JGh+Mpu/vep2C0 fBrowzkgOF1fEvifnX6PZm8FhioCz82NLvufZzxHlscfp7fAYu+0xjjvqkp0AID1W37S vIY6uXT4ItkK5zX6trqVKBsXlRe0B1XEw6cqbF5KFdBhQfQ1cOSr/3q0Yn0LDj4yvaSW nAog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PF0vUBIxeDU0gnKhOGTbi8r0sdu5sCYRhQpCG4RESDw=; b=TkfCULW730lZqkNW9QBAhXPCjkIk4r64QEu1Ard+UtrYBKeFju/0fHFSr76etiEZBg kpLEozmVlsgMS9BMy8oOTR0lZfcaWjBgHtht4rMwu/K5uhpb+wyqCitC/JWZmU/IBp3b XsXUooPJ1K7xQb8T5DG3Vh7+tkIADICqa7pEFgrpOt/ZULmS+WnLFvat9lmbvd6WIdBJ oi+WL2fzY1xETlluUWKmCaNaJ1opep7Q+TmmQMhgDcZSFWYf+6nL1uAa4roY9vlMLSzC CTJoaGe+yyhxSM4/A336ez2NgW9BB3NhU+MBz5YjNn7E0IIM5zRiGTJVCnyjVJkwKfjJ jQyg==
X-Gm-Message-State: AHQUAuYqQEcZM0jRRaapz3egPuTm8RfOIoMXHWtgLHwmb6UkK+etv/zU +9810FG59inC895DXsrvVBRUvPf6Jx24CSwD3Sw=
X-Google-Smtp-Source: AHgI3IazCZ2ITWbju0OzPVNldQ+m3BfVW5PBNa1t0ZxNfzcafswrg/69cMOhSkHMVPUUldwi6fETMuqeDQgfcyQHaeY=
X-Received: by 2002:a17:902:bb0b:: with SMTP id l11mr7185817pls.127.1550189878404; Thu, 14 Feb 2019 16:17:58 -0800 (PST)
MIME-Version: 1.0
References: <1550022355.557617.1656828112.4DD1CEE6@webmail.messagingengine.com> <CANatvzy_juza_meGR_-KuBV9FA=F754mv54aawxMb8hYWxb1gA@mail.gmail.com> <CAN1APdcVYKWuapZ3XHxXa_nVACwkRD-xeF3ub-5ROttE7QVrmQ@mail.gmail.com> <CAOYVs2ooxAuwu_zr2XZ-y9UqUP5kTbjoFrckAOi40bF9vODGOg@mail.gmail.com> <CAKcm_gNk=jKrnXM4Ht4yF0RX25wtVifjxz0c1gay0uie7PMw6A@mail.gmail.com> <CANatvzxBYzEaDZ1Ftt=o1zT5zVcVTd1EwtGiJOC-mkrNUWzVAQ@mail.gmail.com> <CAN1APdfzepc9DE98UsWw=hB4dM38qKLxdAjpsYuddDBatcscDA@mail.gmail.com> <739AFC55-DD02-47AA-A29E-B9C34ED7D6F9@gmail.com> <CAN1APddWLdmRo+ZZDnmvrBEFQk4TTcS3UK_9AU4KqAeSkiBvJQ@mail.gmail.com> <375A63C5-7120-4688-8873-EEA90693332E@huitema.net> <CANatvzxoOFzpkcH_4VpQscpZq8ak0QL0D6REvyJVjE+ga97SVQ@mail.gmail.com> <1550111606.3717440.1657643080.033E200B@webmail.messagingengine.com> <ae018a6d-4c9a-acc7-4213-21d1670f9dad@huitema.net> <1550117510.928793.1657684264.41D049FA@webmail.messagingengine.com> <CACpbDcfbEcg70RwpFrCQ2X6WA0Dd7ygd=Q0w7iwKc-ZgZQbZ0w@mail.gmail.com> <1550120733.954579.1657700168.72A8F92A@webmail.messagingengine.com> <CAOYVs2qQJgGNhXJNjhE8L=wxBgq+3qs144WYXs0JoWNBrK_a6A@mail.gmail.com> <DB6PR10MB1766128EAD7248F02C1EAFA5AC670@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <DB6PR10MB176684E61A66BF01C66008F6AC670@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAPDSy+5MSST-Nkoi+oaRzSLDJCYqhUmKw1nP_p4fOyq7cfK17w@mail.gmail.com> <CAJ_4DfRKrYOyozbp4GmPNODnZ_sKTECXbMa5Vsuxa4zmubERHQ@mail.gmail.com> <MWHPR22MB0991FCD3ADA97790B238E491DA670@MWHPR22MB0991.namprd22.prod.outlook.com> <CAPDSy+4=YYyTe5=85X09e1kAB7TrmmNXK-2wnLZubfS1ekWRJA@mail.gmail.com> <f2e59f1c-b7d5-49ce-affc-7d16684a048a@www.fastmail.com> <CAPDSy+4sKR99Fwqt+08JevAmC7E4LUSohUrQgVc+5BA56CLEkQ@mail.gmail.com> <b4364dee-a429-45c5-8b56-b82269f1ab2e@www.fastmail.com> <CAPDSy+4idHMDpNya42K5fxRQ6tFUoOXz9bi8K2eU8u-xRiOB3g@mail.gmail.com> <045bbf5b-04e4-4f9f-886b-f7ff9254bdab@www.fastmail.com>
In-Reply-To: <045bbf5b-04e4-4f9f-886b-f7ff9254bdab@www.fastmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 14 Feb 2019 16:17:47 -0800
Message-ID: <CAPDSy+4iTM1wYpr04fmqOULct5LrB4UnDiPz_K9vGSd3oB=4eg@mail.gmail.com>
Subject: Re: KEYS_READY
To: Martin Thomson <mt@lowentropy.net>
Cc: Mike Bishop <mbishop@evequefou.be>, Ryan Hamilton <rch=40google.com@dmarc.ietf.org>, Marten Seemann <martenseemann@gmail.com>, Jana Iyengar <jri.ietf@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000969d30581e3b51c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/-H2Ej8DhOTGWISsk0W6e0sjRmoA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 00:18:02 -0000
On Thu, Feb 14, 2019 at 3:45 PM Martin Thomson <mt@lowentropy.net> wrote: > On Fri, Feb 15, 2019, at 09:47, David Schinazi wrote: > > This means that the server sends KEYS_ACTIVE(1-RTT) not when the 1-RTT > > keys are active, > > but instead when the handshake finishes, which is when the server has > > received the client finished. > > Those are two different moments in time. > > Yes, because the keys aren't active when the server starts sending 1-RTT > packets. They are only active when the server starts reading 1-RTT. The > server can't activate its 1-RTT reading keys until the handshake is > complete. > Ah, thanks. Looking at it this way it makes sense to me - we may want to make the text clearer in case I'm not the only one who was confused. > That's why I chose to name this KEYS_ACTIVE(this), not RETIRE_KEYS(prev), > but I don't really mind what it is called. > I don't feel strongly about names either as long as they make sense - and now KEYS_ACTIVE also makes sense to me - so either name is fine by me. > > My proposal is to have the client decide when it is done with the > > handshake keys by having the client > > delay sending RETIRE_KEYS(Handshake) instead of the server delaying > > sending KEYS_ACTIVE(1-RTT). > > This requires that the client send more Handshake packets. And it adds a > lot of delay because the client has to wait until all its packets are > acknowledged. We previously agreed that any such signal from the server is > more direct and effective. > I don't think it means more handshake packets. And it's still a direct signal between endpoints. The only difference is that the client-to-server RETIRE_KEYS message is delayed by one RTT compared to its KEYS_ACTIVE message so the server will wait one RTT before throwing away handshake keys. But it has the advantage of not requiring any implicit ACKs. So the tradeoff we're facing is between allowing the server to throw away keys sooner at the cost of making implicit decisions. This implicitness means KEYS_ACTIVE does not allow the client to be able to send anything in Handshake after the ClientFinished. I'm worried that might prevent protocol changes down the road. I'm still in favor of paying the one RTT before key deletion to make the protocol more explicit.
- KEYS_READY Martin Thomson
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY Marten Seemann
- Re: KEYS_READY Ian Swett
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY Christian Huitema
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY Christian Huitema
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Jana Iyengar
- Re: KEYS_READY Jana Iyengar
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY Marten Seemann
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY Mikkel Fahnøe Jørgensen
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Ryan Hamilton
- RE: KEYS_READY Mike Bishop
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY Nick Harper
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY David Schinazi
- Re: KEYS_READY Kazuho Oku
- Re: KEYS_READY Martin Thomson
- Re: KEYS_READY David Schinazi