Re: Transport Draft Comments, mostly about error handling
Ryan Hamilton <rch@google.com> Fri, 18 August 2017 22:22 UTC
Return-Path: <rch@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A7611323A5 for <quic@ietfa.amsl.com>; Fri, 18 Aug 2017 15:22:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T9jtFShJf3Bd for <quic@ietfa.amsl.com>; Fri, 18 Aug 2017 15:22:32 -0700 (PDT)
Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F98D1323A6 for <quic@ietf.org>; Fri, 18 Aug 2017 15:22:32 -0700 (PDT)
Received: by mail-wr0-x234.google.com with SMTP id 49so65481954wrw.2 for <quic@ietf.org>; Fri, 18 Aug 2017 15:22:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0I7FhDSg736k+tKw6r9QL94I5vuJsNC+qed3/STUb1A=; b=D7777xXgvzMnpxslkPH8yh7X58JRAb4DMr9v9jSYwI6I1oXLrSya0C47krIpAJ2cZ1 sNIyrtALhtnJVhzzcjxc/KmbzRkuaWOrFzsx3YxA40tBwKoluzJI6gghWYcDr7TZZ7/N hQ1qh4mhAyYN9P0hEpYloUO0tnMZuUSQNjvm1LSrghXBE50Zqeh1BNfbKb9OtrRUxihF f8VzozVeZSomcObPgCxI1zbIbUGr2z3lJk6+wLAIKY5gifMBw40QzSKpgyukhBpZUHpG E6gqaCiL5hrkxH1GFpTEDS9nUWA+W2bWNv8GKIpUJ3GMHLNWtq7BWpKB/O6qTSjr9P6L nzgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0I7FhDSg736k+tKw6r9QL94I5vuJsNC+qed3/STUb1A=; b=bA0SoRPEQJ6TMiZDmlr92geJSi3KsbGsh1/8O1g1BKPdCaqqp8fG9p6BCHNXhfnmbI TOJ2YZRPN0aMcAEx6JY3RxWqkcCtkHL/9tQkr3A92wg7Sde2d0lpa3GJP4yB3CHMGXxx LcFra2cuWIy+sdTVTZCNmHaHqaulzq7WQgUpjMzyJx+kqsIrwtZZCWO/9poSBlmrJVpZ JI44hzJsez8DHsIDTYic55p6kT5utJ6dZt/M5w4+KzLekEAUnqukkcbK5iTP8Qf/5/Rr stQusXAaxTVLoIKQLyt5G7tiew+U8E3IiwEEURXOxG91plsMNJNvpG0rnROHWOLalBgC lAcg==
X-Gm-Message-State: AHYfb5hFXPcvwR4e9fRKe51i69lSBf3jkJK6Jwhqb/BRDYL0tfs53wIN gnk3x3yrhDSzk6U21LLBmZS4HgEk9LJG
X-Received: by 10.223.173.182 with SMTP id w51mr3022873wrc.113.1503094950495; Fri, 18 Aug 2017 15:22:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.163.193 with HTTP; Fri, 18 Aug 2017 15:22:29 -0700 (PDT)
In-Reply-To: <CAM4esxSRoeXRcKwS5CCWpUC-MrrSWrDM6VXJ0584Meon_ZfDrg@mail.gmail.com>
References: <CAM4esxSRoeXRcKwS5CCWpUC-MrrSWrDM6VXJ0584Meon_ZfDrg@mail.gmail.com>
From: Ryan Hamilton <rch@google.com>
Date: Fri, 18 Aug 2017 15:22:29 -0700
Message-ID: <CAJ_4DfSp++cPnzF-M9vZZk1TNH5WGSsQ0yDH3GwTLfJYWmrQ0w@mail.gmail.com>
Subject: Re: Transport Draft Comments, mostly about error handling
To: Martin Duke <martin.h.duke@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="f403045cf65e96c78805570e9070"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/H6jbRuHIVrWnyYucTL0aw9jrXFY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 22:22:34 -0000
On Fri, Aug 18, 2017 at 11:37 AM, Martin Duke <martin.h.duke@gmail.com> wrote: > I'm deep into implementing the handler for a stream frame straight from > the -05 spec, and there seem to be a lot of ambiguities in the errors, as > well as things that should probably be prohibited: > > (1) Section 8.14. Stream Frames for Stream 1 and above MUST NOT be in > Cleartext packets of any kind. > > (2) Section 12.2 Stream Errors: We need to have some sort of special > considerations for handshake, especially cleartext packets. In particular, > any sort of cleartext packet that triggers an error should be dropped > rather than causing RST_STREAM or CONNECTION_CLOSE. Otherwise it is > trivially easy for a man-on-the-side to abort connections. > While I'm with you in spirit, I'm not sure about this. One downside of such an approach is it means that if the peer is actually broken, the local endpoint must keep the connection alive until it finally decides to abort the handshake. I'm not sure how desirable this as. As for attackers, I suspect it's just as easy to close the connection will a well-formed packet than it is with a malformed packet. > I believe, by the same logic, that bad 0RTT packets should simply be > dropped rather than reset. > > As I see it, there are two possible responses to problems processing the > stream frame, each appropriate to different situations: > - Internal error that doesn't break the stream (e.g. failure to allocate > memory for the stream reassembly queue element): drop the packet -- make > the peer retransmit and hope it works next time. Also do this for errors in > cleartext. > - a stream error that still allows the receiver to find the end of the > frame (e.g. STREAM_STATE_ERROR). Send a RST_STREAM for that stream,but keep > processing the packet. > > If this analysis is correct, it would be nice to specify it in the draft > explicity. > > (4) Section 12. Error Handling: If a peer initiates an odd stream when > it's supposed to be even, or vice versa, what kind of error is that? Is it > a stream error or connection error? > > (5) Section 12.3 Error Codes: For a Frame Error on a STREAM or ACK frame, > is the last two bytes of the error code the whole flags byte of the packet, > or just the mask (0xa0, 0xb0) of the frame type? > > If I am not way off base on some or all of these points, I am happy to > create issues or PRs. > > Martin Duke > >
- Transport Draft Comments, mostly about error hand… Martin Duke
- Re: Transport Draft Comments, mostly about error … Ryan Hamilton
- Re: Transport Draft Comments, mostly about error … Martin Thomson
- Re: Transport Draft Comments, mostly about error … Martin Thomson