IETF Logo Mail Archive

Re: Consensus Calls for Transport/TLS issues, post-Cupertino

Watson Ladd <watsonbladd@gmail.com> Wed, 30 October 2019 05:09 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8413212003E for <quic@ietfa.amsl.com>; Tue, 29 Oct 2019 22:09:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umXky9FtrBv4 for <quic@ietfa.amsl.com>; Tue, 29 Oct 2019 22:09:01 -0700 (PDT)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51A95120827 for <quic@ietf.org>; Tue, 29 Oct 2019 22:09:01 -0700 (PDT)
Received: by mail-lj1-x22b.google.com with SMTP id y3so1129119ljj.6 for <quic@ietf.org>; Tue, 29 Oct 2019 22:09:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=m7chVPRkUMfij36+pZGeUsh176Nod5x9332jPXTLAnU=; b=gmEKlvTVgnMHwwFrK67ho08ZBcXrbegneicyeX2xmjTKOgGlO0mzOnh7iItTfKX5Jb GFx0k+obNKAAY6q4fDD/rB9DXJDXib13Gas2dDKYVfMgdsNZ57dv39btARJX+L3fMXA6 +hzOushnH1nAaxVb103/qHWEEG/gthsLz9F97oxfRc6DIgpM2uG5RgGcoRU1bEBUWql/ wOw46pdFYIWYE79jHMIlp0CB1ftbxK1rCAAX4rpLz7C5Q6a7NUUQcjQHY/StIM6Ib4Ga ko07DxKpWUth+K8Ox6RAPqbnBF/Jy17denfBjYxYRGQVZXRPqmt1v2GZGx0Xj7BkJKpR +qfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=m7chVPRkUMfij36+pZGeUsh176Nod5x9332jPXTLAnU=; b=i0ae6qTZkX8Lce0a3q+eMnPbKRaBVjneqV664rdm24KI/A6iq8A2mI9DKnZYfIUNoT tSc4ejyiACnU019Zn8HFCaAL69hvZ4km5v264SQvUz3uAraiPJnhD8hW+sv3E1QbPg4q YpuU1FntXkO9tSOWoutmeJyXVMlYobhH4Rd7DO6sifikneKYOJYIBuPuRmtDTPT4URCq IZn5wgHiXFRKEF5TCE+f6uPpOO3U2Domt7VHfWMFZmReY6oHX0p5uRgezEyMyY92RaMF xWNwXFLUhvJHGZ8vvQb+2t4/bUfT5NQJu6g/V40nPErsKsko2s+TclfRVHCwqJq49nKs lwqw==
X-Gm-Message-State: APjAAAVXjd/PB6OkzC3SW1oezc5tU1wB5TY2RTELzhUgWgYX/kzXr9EQ E9DbanGPC5L3XyC/V86HvhwrWP+mh+i9SvgcVGo=
X-Google-Smtp-Source: APXvYqzgM7I42eO5wYs82MIivU5nZ6VakrG3Vj1LtBPJgC9Mb+6J//sMVmwZKa+likKdoWkrwcoNDr/Jlqt0GFRJIsg=
X-Received: by 2002:a05:651c:28a:: with SMTP id b10mr850300ljo.124.1572412139404; Tue, 29 Oct 2019 22:08:59 -0700 (PDT)
MIME-Version: 1.0
References: <4D6397AF-B411-4E67-AFD2-76E8F2AD462C@mnot.net> <CANatvzwYA-NN+p5jLu4vpgKY_G-ZoUM03CacZWS2FAPyPqgiiw@mail.gmail.com> <BN3PR00MB0083E9A10A58F4CCC7B8A5C6B3680@BN3PR00MB0083.namprd00.prod.outlook.com> <22517ab5-9a6c-4486-b7ea-03badc064cbe@www.fastmail.com> <CANatvzx=RWB1Bio7tqX7nN_Vn1SfSaE69LZbuiU5pWeXP=BwNQ@mail.gmail.com> <DB6PR10MB176678E88FF226C2EB8FF78EAC680@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CACpbDccOe01VBjwwy=mdSi5nync8bXa506OMTbLPpBH-hoj4Sw@mail.gmail.com> <CAPDSy+4S06qHBbitdH07Ah6gJYV+ZMY4huYLVGw14Q-n6isCrg@mail.gmail.com> <BN6PR2201MB17008576E4F8400B5DDB696FDA6B0@BN6PR2201MB1700.namprd22.prod.outlook.com> <CACpbDcf+n47NXh8XMEKx6n1fiJPZ+WyuivNmuBy1vKhZYZe6Uw@mail.gmail.com> <CAM4esxQYyTQPpF13v0AT4R=TcFOa9=UCn0nWsiqwMReYFOYDYg@mail.gmail.com> <CABcZeBM2QGC+wx-UUKMkJDqxKscOgJfhqwPhr7QXg3h-GpZwfQ@mail.gmail.com> <4d408d7a-7c50-4ccc-a42b-fb2b71b0c507@www.fastmail.com> <CABcZeBMdQPMeu862uizQYKr451Y9mvwhZ4MT7h_te5ho_Y9DOQ@mail.gmail.com> <98b890c7-d57f-484c-88d5-056e4e607465@www.fastmail.com> <CABcZeBP4BwBsySd8Phhg3fd3kTMoS6E=j5tit3pg7JKe7vrb6Q@mail.gmail.com> <1e5ae15f-56cf-47c5-930a-9f5bae59763b@www.fastmail.com>
In-Reply-To: <1e5ae15f-56cf-47c5-930a-9f5bae59763b@www.fastmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 29 Oct 2019 22:08:48 -0700
Message-ID: <CACsn0cmXqOhtxVtvY9UHFf26EdXTagA7UjinEjokRsHN3tgYvg@mail.gmail.com>
Subject: Re: Consensus Calls for Transport/TLS issues, post-Cupertino
To: Martin Thomson <mt@lowentropy.net>
Cc: Eric Rescorla <ekr@rtfm.com>, Jana Iyengar <jri.ietf@gmail.com>, Mike Bishop <mbishop@evequefou.be>, David Schinazi <dschinazi.ietf@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, IETF QUIC WG <quic@ietf.org>, Martin Duke <martin.h.duke@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/35mi5ZuRiqVNPdUIjg3Ub_YfCFI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 05:09:04 -0000

On Tue, Oct 29, 2019 at 10:03 PM Martin Thomson <mt@lowentropy.net> wrote:
>
> On Wed, Oct 30, 2019, at 10:58, Eric Rescorla wrote:
> > On Mon, Oct 28, 2019 at 8:32 PM Martin Thomson <mt@lowentropy.net> wrote:
> > > On Tue, Oct 29, 2019, at 10:34, Eric Rescorla wrote:
> > >  > On Sun, Oct 27, 2019 at 7:47 PM Martin Thomson <mt@lowentropy.net> wrote:
> > >  > > On Mon, Oct 28, 2019, at 10:01, Eric Rescorla wrote:
> > >  > > > I think we're clearly going to need to spend some time on this. I don't
> > >  > > > think the spec is satisfactory as-is: we should be designing a
> > >  > > > transport that works for all use cases, not just H3. That said, I also
> > >  > > > don't agree that we need an additional explicit signal. We have one,
> > >  > > > it's called "ACK". We should figure out how to make that work.
> > >  > >
> > >  > > I think that we've established that ACK doesn't work without something to push it along.
> > >  >
> > >  > No, I don't agree with that assessment.
> > >
> > >  Well, I'd like some proof. I shared what I believe to be proof earlier. Happy to walk through it again though.
> >
> > Yeah, I think that would help. I've gotten a little lost on the list,
> > so maybe you can re-point it out to me.
>
> Let me try restating it more thoroughly:
>
> The problem that Marten identified is a deadlock because one side discards keys at a time that might be significantly in advance of the other.  If the endpoint that retains keys still hasn't received acknowledgments, it enters a deadlock state if it exhausts the congestion window by sending Handshake packets.
>
> (As an aside, David suggested that we might avoid deadlock if the congestion controller didn't create a dependency cycle between 1-RTT and Handshake, but I didn't detect any inclination to do that, nor am I completely confident that attempting to do so would guarantee success.  There's also the problem that Kazuho and Jana identified, which observes that a loose upper bound on convergence time was undesirable if we want to enable migration.)
>
> Both peers can enter this potential deadlock state in different ways, so we need a symmetric solution.  I can draw up what this looks like in converse, but just imagine that the client sends and loses a Handshake ACK that is separate from the Finished.  That side of this could be addressed with implicit acknowledgment for the server, but I don't think we want to go there.
>
> Any signal that is based purely on "organic" traffic (that is stuff that is sent by the application) can produce an asymmetric state where one side receives the signal and the other does not.  If both peers stop sending packets at that point, which "organic" traffic would have to permit, then the keys will be gone on one side and not the other.
>
> In general, frames from an endpoint don't result in any mandatory transport-level action other than an ACK frame.  ACK frames don't elicit acknowledgment and aren't sent again.  PATH_CHALLENGE is the other way to get a transport-level forced response, but that is similar in that PATH_RESPONSE also doesn't require retransmision.  An endpoint that sends a packet can decide not to send another packet.  Thus, any implicit signal we create can only guarantee one-way propagation, which is firmly in two generals territory as Christian points out.
>
> A PATH_CHALLENGE is almost right for this purpose, because it initiates a three-way exchange, but the lack of requirements for retransmission makes it difficult to guarantee that the process terminates.  And that probably requires overloading semantics for the frames in uncomfortable ways.  Forcing either endpoint to repeatedly initiate path validation would be worse than HANDSHAKE_DONE, especially when you consider that the path is already validated by the handshake.
>
> Thus, while we might be able to define a process where each peer can satisfy themselves that their peer is "done", we don't have an "organic" process that we can attach to for roughly synchronizing the times that endpoints reach that conclusion.

Maybe it's worth writing down the state machine formally and trying to
use a model checker to show that there are no deadlocking pathways.
It's certainly confusing enough for me to have no idea.

>
>
>


-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.23.0 | Report a Bug | By Email