Re: KEYS_READY

David Schinazi <dschinazi.ietf@gmail.com> Thu, 14 February 2019 22:47 UTC

From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 14 Feb 2019 14:47:01 -0800
Message-ID: <CAPDSy+4idHMDpNya42K5fxRQ6tFUoOXz9bi8K2eU8u-xRiOB3g@mail.gmail.com>
Subject: Re: KEYS_READY
To: Martin Thomson <mt@lowentropy.net>
Cc: Mike Bishop <mbishop@evequefou.be>, Ryan Hamilton <rch=40google.com@dmarc.ietf.org>, Marten Seemann <martenseemann@gmail.com>, Jana Iyengar <jri.ietf@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/10mhqmTqUPZueG_ZdU8lD_O8-BY>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Hi Martin, I've read the PR (in its latest version) and the comments in my
previous email still hold.
The text I object to from the PR is the following:

    A KEYS_ACTIVE frame sent in 1-RTT packets indicates that Handshake keys are no
    longer needed.  A client MUST send this frame in its first 1-RTT packet, and a
    server MUST send this frame in the first packet it sends after completing the
    handshake.  A server might send 1-RTT packets prior to this; a server MUST NOT
    process 1-RTT packets until the cryptographic handshake is complete.

This means that the server sends KEYS_ACTIVE(1-RTT) not when the 1-RTT keys
are active, but instead when the handshake finishes, which is when the server
has received the client finished.
Those are two different moments in time.

My proposal is to have the client decide when it is done with the handshake
keys by having the client delay sending RETIRE_KEYS(Handshake) instead of the
server delaying sending KEYS_ACTIVE(1-RTT).

David

On Thu, Feb 14, 2019 at 2:30 PM Martin Thomson <mt@lowentropy.net> wrote:

> On Fri, Feb 15, 2019, at 09:02, David Schinazi wrote:
> >
> > On Thu, Feb 14, 2019 at 1:02 PM Martin Thomson <mt@lowentropy.net> wrote:
> > > Please explain how the two differ, because I'm not seeing a difference.
> >
> > Here's the difference between them as I understand it:
> >
> > I'd initially assumed KEYS_READY meant that the keys were installed -
> > meaning that you send KEYS_READY when your keys are installed. But not
> > quite! The server does not send KEYS_READY when the 1-RTT keys are
> > installed, it sends it when it believes the handshake is done. So now
> > you have a notion of keys being ready that is impacted by parts of the
> > protocol further away.
> >
> > RETIRE_KEYS just means that you're done sending with a set of keys - so
> > you send it when you have received ACKs for everything you cared about
> > sending with those keys. I find that a lot easier to reason about.
>
> Take another look at the PR and see if you can spot the difference.  You
> will find that maybe you are just arguing for a name change here.
>