IETF Logo Mail Archive

Re: Fast Address Validation - about

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Wed, 30 October 2019 13:56 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C1C8120112 for <quic@ietfa.amsl.com>; Wed, 30 Oct 2019 06:56:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uhp2AGYg-Rbw for <quic@ietfa.amsl.com>; Wed, 30 Oct 2019 06:56:05 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AA3D1200DE for <quic@ietf.org>; Wed, 30 Oct 2019 06:56:05 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id c4so1836412edl.0 for <quic@ietf.org>; Wed, 30 Oct 2019 06:56:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=GWbS4qMg+mM62dLJLcicy2r7kUAk8CgocRAE0EFlE34=; b=g5S6tUXJ375ETlseQbPf/DpRbBM6mibuKjujlZB2VI6ISKshClfz96c20LsiOLEm57 RSRizzLl8LBZGppZnWQzaCNuDzoEb5WWIObfOGxaalO5BgASst8vmY8Jblam7LExlPKV IoIMuRfOlhd87FPO9zrfr4K74aBU1qRFXtkDfq1XVy2D3hydriFo+v8ybusB+0A7+bN7 39fAnXpbAaVbLmLcm8CPd+ZLQL1Ji+sUsl3+ktLBglxBzriZtswyf+O0RWLMcUem9rOO buPLrCOnHTbedUBYjSX0oCuTIwrfmlrG5cCeR/7/93z5G+7d/Vn940sNttAJq3F6C05m CwdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=GWbS4qMg+mM62dLJLcicy2r7kUAk8CgocRAE0EFlE34=; b=sGLvAzYzrKFXEF8phhJ6rCHkiRibDo0VUAJFTBETzTGrMtZHVBeotokWFIoUT8GvIG cBYWhnTjgNsv60el/y+ey7vaqSvqoA116TlC61zC1XoVyUUOZJDRae/9Z20Uy/zwb1jf H52l3kU+FQwdCEHwuYI1L0Zbk5JGqF1lkG3ANQYf/Y7eYWEBseqX4JahCb4hO3f42oHV sa1+efwmirCKWDu52mgkSokzVzSvg/pLv5OWuvkrrajSJMZGoZKkb1Wf0H0wctJYgLii 9HcpHx/ekjWPOY6NaaJxARvsyjFmQV9hyVKJCXOFgwa/gWNKhYyzs98Tu4uu6ZcGU/or NdsQ==
X-Gm-Message-State: APjAAAUQuORgXAMYmrwMRZPFFX+vWZCR5gtJ3MyOG15nrGRoU5DdzvXR An23vsKRYa08tT80BC5EJt1FFSV2f+iPhsXJGE8=
X-Google-Smtp-Source: APXvYqxy6EGMqmqZorHJeWgFRBrLGDo6K1hR6TEh5OBHKOQ2BOLm0icLW5fq53TSimfjirHGJK/44FhyPmybjpbcnME=
X-Received: by 2002:a05:6402:488:: with SMTP id k8mr31611307edv.293.1572443763839; Wed, 30 Oct 2019 06:56:03 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 30 Oct 2019 13:56:03 +0000
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <4974ed86-0fa9-435d-880f-80af637ef180.anqing.aq@alibaba-inc.com>
References: <4974ed86-0fa9-435d-880f-80af637ef180.anqing.aq@alibaba-inc.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Wed, 30 Oct 2019 13:56:03 +0000
Message-ID: <CAN1APdfEiihMASty4N1+ykCi-WQE6NC_nB1RJeUfKJuiuK6S0A@mail.gmail.com>
Subject: Re: Fast Address Validation - about
To: Qing An <anqing.aq@alibaba-inc.com>, "jri.ietf" <jri.ietf@gmail.com>, quic <quic@ietf.org>, mt <mt@lowentropy.net>
Cc: "刘大鹏(鹏成)" <max.ldp@alibaba-inc.com>
Content-Type: multipart/alternative; boundary="000000000000f915b0059621179f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9e0M6dtkVfSYx5XIk7fjGVuDrOs>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 13:56:07 -0000

Please keep in mind that Retry can be used by a server that does not want
to spend resources on the handshake and to redirect traffic elsewhere, it
is not just for validation. And when it is not a redirect, the server might
want the roundtrip to make sure the client is really interested and able
before committing resources to process the handshake.

Thus, trying to optimise this step might work against the idea, at least
for some use cases.

Mikkel


On 30 October 2019 at 14.41.29, Qing An (anqing.aq@alibaba-inc.com) wrote:



Hi Martin, Jana,

I read through https://www.ietf.org/id/draft-ietf-quic-transport-23.txt
and have
a few comments and ideas to discuss.

[QUIC-Trans] defines a token based scheme
to facilitate address validation of a client. The token MUST be covered by
integrity protection against modification or falsification by clients. The
server remembers the value it sends to clients and validates the token sent
back from a client. In its design, Retry packet is used to deliver the token to
a client which address has not yet been validated. It voids the first
transmission of the Initial packet sent by the client,
and triggers a second
Initial packet to be sent with the token. The exchange of token will cause
longer connection establishment delay for a client.

To improve the efficiency of address validation during handshake, one idea
is that the same token can be
exchanged via a different container i.e. the Handshake packet, that
eliminates the use of Retry packet for token delivery.

I am working on the complete draft and will submit it by Friday. Before
that, hope this can be discussed in email first.

BR,
Qing An

v2.23.0 | Report a Bug | By Email