IETF Logo Mail Archive

RE: Consensus Calls for Transport/TLS issues, post-Cupertino

Mike Bishop <mbishop@evequefou.be> Wed, 30 October 2019 15:45 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C46120964 for <quic@ietfa.amsl.com>; Wed, 30 Oct 2019 08:45:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVtqhtpwGRdz for <quic@ietfa.amsl.com>; Wed, 30 Oct 2019 08:45:48 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-eopbgr800090.outbound.protection.outlook.com [40.107.80.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E7D0120BE2 for <quic@ietf.org>; Wed, 30 Oct 2019 08:45:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IfLar252eMiTYYOVT69qkrb1MUU+5mkt7BA5wpKK0fCLF3vMwc5sGkuTvD2AzfRHjuadoHAo7ujkZIBVI8Hony5MX3uDRSRxV1ceDLDxYVR5OPDqVAnWCUw0ekIMle4vRe7kPuciwncNebNgOQqO83qYV6owntzjx3o/ZQR/9Uky4Y4j2vLd/hC2298XWoKyyKKbad+i8PdQybKLc1kjQXKxqHMZ66W44EuR+BKQpTb3O8LcOUs6+M25IGrXDssZL0QFfs+A1/STVkfgrgWW5Nmh0RbWzuiqA0OyrNdcFbgoa80zYB2Edvmmup5jdUDBjHzSLsg5c6E6PR87IUceHA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yN23Gb+cOgn+Zfz6leSDOGxVIxG/6oFxpjYGmit/Q/s=; b=bZphZDdMv2E4zRe2e/wgkF3GBQxaeli2qrKYSyx9tVEUz36W5oImeyggIlz5HeKam+Aov07gabwD471jpN0jd5dNfMeTFNrcjQXAHFAQlLedR5o76CxmDHRU/TquDm/vf1rRL6a62wshPL5PH0Ctsw0zAifgzfCqAbRUZeHsh3HbGUXJxEECXBtpshPT5JIRmY8RcC9WozWvgsu++92oaVwsO2hImrUa7dxmBrQ2P1ezF9nHNVvqul7Bnp72bsHHEu2khcVU0BZzboGbBr48CcPHNH8zjs+Ye+UUcxdfZWj48F4Y7OSI8TyYIU+/NAYJVECbyLb427G/XU8cxDEibA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yN23Gb+cOgn+Zfz6leSDOGxVIxG/6oFxpjYGmit/Q/s=; b=jDL/IZsoIcm75nx5vOJfgbU8xBFKgFz0YzcIIZKK+f+1si6YqoPBYqUAgXG251DQ5AU2E/zd51RoUbl0uW6sBy0WVCE7/5HdijVb6ho7lmds8OLXKh7wJDHVxD8fGVxpimzT8GNQgf88TFEvjsFZcmNDaC9aSs3driCHwt1kVP0=
Received: from BN6PR2201MB1700.namprd22.prod.outlook.com (10.161.152.144) by BN6PR2201MB1298.namprd22.prod.outlook.com (10.174.80.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.23; Wed, 30 Oct 2019 15:45:46 +0000
Received: from BN6PR2201MB1700.namprd22.prod.outlook.com ([fe80::7cb4:5e4e:334c:a737]) by BN6PR2201MB1700.namprd22.prod.outlook.com ([fe80::7cb4:5e4e:334c:a737%7]) with mapi id 15.20.2387.028; Wed, 30 Oct 2019 15:45:46 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Martin Thomson <mt@lowentropy.net>, "quic@ietf.org" <quic@ietf.org>
Subject: RE: Consensus Calls for Transport/TLS issues, post-Cupertino
Thread-Topic: Consensus Calls for Transport/TLS issues, post-Cupertino
Thread-Index: AQHViHGZIuF5g6IoEE6LYrhgawqNGqdl3+KAgAACSQCAABB9gIAAJugAgAAEuICAACuwgIAAzYuAgAF9CnCAAIMlAIACfAKAgAOQaICAAD7ngIABXIYAgAE7BRCAAFqWgIABBsHw
Date: Wed, 30 Oct 2019 15:45:45 +0000
Message-ID: <BN6PR2201MB170025E69A882091F9DCF481DA600@BN6PR2201MB1700.namprd22.prod.outlook.com>
References: <4D6397AF-B411-4E67-AFD2-76E8F2AD462C@mnot.net> <CANatvzwYA-NN+p5jLu4vpgKY_G-ZoUM03CacZWS2FAPyPqgiiw@mail.gmail.com> <BN3PR00MB0083E9A10A58F4CCC7B8A5C6B3680@BN3PR00MB0083.namprd00.prod.outlook.com> <22517ab5-9a6c-4486-b7ea-03badc064cbe@www.fastmail.com> <CANatvzx=RWB1Bio7tqX7nN_Vn1SfSaE69LZbuiU5pWeXP=BwNQ@mail.gmail.com> <DB6PR10MB176678E88FF226C2EB8FF78EAC680@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CACpbDccOe01VBjwwy=mdSi5nync8bXa506OMTbLPpBH-hoj4Sw@mail.gmail.com> <CAPDSy+4S06qHBbitdH07Ah6gJYV+ZMY4huYLVGw14Q-n6isCrg@mail.gmail.com> <BN6PR2201MB17008576E4F8400B5DDB696FDA6B0@BN6PR2201MB1700.namprd22.prod.outlook.com> <CACpbDcf+n47NXh8XMEKx6n1fiJPZ+WyuivNmuBy1vKhZYZe6Uw@mail.gmail.com> <CAM4esxQYyTQPpF13v0AT4R=TcFOa9=UCn0nWsiqwMReYFOYDYg@mail.gmail.com> <CABcZeBM2QGC+wx-UUKMkJDqxKscOgJfhqwPhr7QXg3h-GpZwfQ@mail.gmail.com> <4d408d7a-7c50-4ccc-a42b-fb2b71b0c507@www.fastmail.com> <CABcZeBMdQPMeu862uizQYKr451Y9mvwhZ4MT7h_te5ho_Y9DOQ@mail.gmail.com> <BN6PR2201MB1700E30A73DA3E8E91937C6BDA610@BN6PR2201MB1700.namprd22.prod.outlook.com> <f3e3b8e9-9da7-4666-bf94-03f8e0751b9a@www.fastmail.com>
In-Reply-To: <f3e3b8e9-9da7-4666-bf94-03f8e0751b9a@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2600:2b00:931f:a301:d929:1930:fc03:fdc0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5b8c4e34-ec34-4026-140a-08d75d503ae9
x-ms-traffictypediagnostic: BN6PR2201MB1298:
x-microsoft-antispam-prvs: <BN6PR2201MB129805FB467E2CEE035A32AFDA600@BN6PR2201MB1298.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02065A9E77
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(396003)(136003)(376002)(346002)(366004)(199004)(189003)(13464003)(51444003)(2501003)(86362001)(305945005)(7736002)(52536014)(8676002)(508600001)(81166006)(8936002)(81156014)(33656002)(71190400001)(71200400001)(6436002)(25786009)(2906002)(316002)(5660300002)(9686003)(55016002)(53546011)(76176011)(102836004)(6506007)(7696005)(486006)(11346002)(74316002)(476003)(446003)(99286004)(186003)(46003)(6116002)(66476007)(66946007)(76116006)(66446008)(66556008)(64756008)(256004)(110136005)(14454004)(229853002)(6246003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR2201MB1298; H:BN6PR2201MB1700.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7IVwVdmIcMsYwO8GTd7umpW2Vioo4U2QLErPEGic7ZW3SX2gs9E8qH5bTVyo9O63zWjaPp5m7TW9XJESeEp2DK/ZdyZiOzrqOntAVWVMBxDAw5O4pR60LcGPlwTQ1Ms0MEB0QKNkl7cM7S8RK+CNSjHBQVtZlceMEXIv3vOUPGO16xVQIjJwGRaTkn/zZ+VFjK+eBxYgt+eBKPlmAhnMo0QfEXsoZHvSSKXQ+o89CjVaNQJkBURiLSLifFu5kChcAXI7/YxLmlfkm8C3UXb7NnqXY9HzlktDBCxLFPtNLvNaTBvOujpDO24zGNLPvVP3uMOShPnuccvqYxOwtqiuGq/92Z3pKc5jn+OtcwqJKfCWH9iaQ8ErqHqum/EyBE+osKKFB/RG9EJf0GjamWGBP6asNu+5Gys4avtjVII6JRbFOrItdn5r3hFMqu+fAUA2
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 5b8c4e34-ec34-4026-140a-08d75d503ae9
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 15:45:45.8377 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gcjEgxXheW79wutgkZwjdHLZAKbmI/ZhDFzC3iNVQnsVhHqraoSu4ntnhwhZWe50l4HFfbEXSXTqgLj5Nziv4g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2201MB1298
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9Ip3oH1l9Zlr2k4fgfxKi5P4Eco>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 15:45:52 -0000

And this is the piece I'm not getting, I think.

The minimum requirement for the server to know the client got the whole handshake is to receive the Client Finished; receipt of any 1-RTT traffic from the client demonstrates they derived the correct keys.  The server can drop Handshake keys at that point.  However, the server can no longer retransmit the ACK or even know if it was delivered, so the client needs a reliable sync point based on 1-RTT traffic to know that the server received the Client Finished.

Since the server can send 1-RTT packets before the handshake completes, receipt of 1-RTT packets isn't sufficient.  Since the 0-RTT and 1-RTT packets share a space, receiving an ACK in a 1-RTT packet isn't sufficient.  The client knows that the server has seen the whole handshake once it receives an ACK of a 1-RTT packet.  As soon as any packet sent in 1-RTT is ACK'd, the client can drop handshake keys.

As you explain in the other fork, organic traffic isn't sufficient, so we have to force something into 1-RTT to ensure these signals happen.  If the client sends HANDSHAKE_DONE in 1-RTT, probably coalesced with Client Finished, that's an ack-eliciting 1-RTT packet.  The server will ACK it; if the ACK gets lost, the client will PTO its 1-RTT packet and the server will ack *that*, and so on.  Eventually the client gets an ACK of a 1-RTT packet, which is what it needs.  It drops keys.

If the server sends HANDSHAKE_DONE upon receipt of the Finished, that is a more direct signal, and the client can drop keys upon receipt of that frame.  If the ACK of the server's HANDSHAKE_DONE gets lost, the server will PTO it, and the client will ACK, and so on. But those things aren't really necessary -- the client and server have both already gotten their signal.  I can see the appeal of having the server send it, so that we're not driving off of ACKs of particular packets.

The only reason I see for both sides to send it is distaste for implicit acknowledgements, trying to avoid letting the Client Finished be what tells the server that all its Handshake data clearly made it.  Is this just preference for one solution over another, or is there a technical reason I'm missing?

-----Original Message-----
From: QUIC <quic-bounces@ietf.org> On Behalf Of Martin Thomson
Sent: Tuesday, October 29, 2019 7:46 PM
To: quic@ietf.org
Subject: Re: Consensus Calls for Transport/TLS issues, post-Cupertino

On Wed, Oct 30, 2019, at 05:26, Mike Bishop wrote:
> Therefore, ACK works iff we *know* that the client sent something 
> ack-eliciting in 1-RTT.

I think that you have to make it symmetric, not just "client sends".  Because we don't have implicit acknowledgement for Handshake packets from the server, the server can enter the same state that the client does in Marten's deadlock scenario.  In other words, both need to send something ack-eliciting.  And it's not just anything at any time, it has to be anything within some bounded time.  The upper bound is probably high, but it is at least before the Handshake packets consume all the available congestion window (which might be a long time, but I haven't worked out how long that could take).

> So one solution is to require clients to send

....and servers :)

v2.23.0 | Report a Bug | By Email