IETF Logo Mail Archive

Handshake costs 2-RTT when token validation fail

Jiuhai Zhang <jiuhai.zhang@gmail.com> Fri, 12 July 2019 09:45 UTC

Return-Path: <jiuhai.zhang@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF76F12033A for <quic@ietfa.amsl.com>; Fri, 12 Jul 2019 02:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.703
X-Spam-Level:
X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MP8S1JB0VrmY for <quic@ietfa.amsl.com>; Fri, 12 Jul 2019 02:45:44 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36FBC12019F for <quic@ietf.org>; Fri, 12 Jul 2019 02:45:44 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id m8so8705706lji.7 for <quic@ietf.org>; Fri, 12 Jul 2019 02:45:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=dPEqP77XL65jU57JVaWZgYgZVeWuUwLd6BJyt2NFyKc=; b=X+zcrBAriw5inLRJlQzme20JwdiaJng/Q55yRwH5OrkEm3/NcK56aoCNgLg/MslhRD JfPHz67Rfts/kxOuKu8SrN9GBEY9zrOb3H3OiWxaMUJ0HShOLggJLGxIvvUD6rxIBXa6 067/yqiSA6lr447JenTt9MgbVr2JGygsLM/OzOOkPsqll2WqUgF/OPck80jAG0dbZwjN UGjvOqBsCGv5STgiao1dh5L77Zzjnfznn5dYEihAAuYj/XOwPxluCQI8q5173a4i3Ppo Mcz7lR+8O81x+rZG1wsno2Ha8ADrTzbIHQEuivyONNIZAcwPc5xNpmIBJ+wFdTXF4sZM IGBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=dPEqP77XL65jU57JVaWZgYgZVeWuUwLd6BJyt2NFyKc=; b=Ppr0Ir+0Lvcqz+Md1xYEQ4RE/tX6/I1aNliIJ0lcH82Y+b1/j7dKPdI9/YYneWpw2j C13UxYX6ccDOA6S6D+MEPirY2mLOIlyZmWIAcKDNuVo9Hg8JAAVLEom8Goy2BGoVjClN Bs7KMrRrU+zEB6gpilwMpWWWDZlup47xPc5NyK910a7HybLlqLxRKlaYProdzhdE9gm5 VSmZLtHEwOQvgaLhmz0xfeen8TL6HPE5BBauu3cbuVp9k7JfL5Pm+8njWUW106kWQEJY OoV7x0POKTwyhkjnolg2zpQRMWdMRV1p05Z8f3ARfEVBySyuXDnwMy5rUCg5xoXUt1yO 43EQ==
X-Gm-Message-State: APjAAAUnmv2tWR2NkYQDK51cJpqYNt8PTkZY+ckKTSQVGkA1M4f/9Ohx 9nO5NHDp1lwnQFboopa5f0PbtezYcDMmn0wkzsUD1w86
X-Google-Smtp-Source: APXvYqyGqqwYVLwUfCaOkwD6b4CRbg6vOaOAAInjolDZihHdrx4KQ1RHTmrHVXqicQJ/V7BwKYwA7V/KVvYrLtXErWE=
X-Received: by 2002:a2e:534a:: with SMTP id t10mr5147446ljd.109.1562924742331; Fri, 12 Jul 2019 02:45:42 -0700 (PDT)
MIME-Version: 1.0
From: Jiuhai Zhang <jiuhai.zhang@gmail.com>
Date: Fri, 12 Jul 2019 17:45:31 +0800
Message-ID: <CAG9+TpZgzncJF_TCode98QhxKM4wZhPUfSKkQhOCZJ05scW2kQ@mail.gmail.com>
Subject: Handshake costs 2-RTT when token validation fail
To: quic@ietf.org
Content-Type: multipart/alternative; boundary="00000000000013d17a058d78c6d7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Iu-4V4Z2ZXLiax8avaQUp42Kaq0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 09:45:46 -0000

Can server continue to handshake when token validation fail? Client

may send new token in Handshake packet.

Just like this

Client                                                  Server

   Initial ->

                                                   <- Retry+Token
                                                   <- Handshake

   Handshake+Token->


Is there other solution to avoid 2-RTT?

--------------------

Client                                                  Server

   Initial[0]: CRYPTO[CH] ->

                                                   <- Retry+Token

   Initial+Token[1]: CRYPTO[CH] ->

                                    Initial[0]: CRYPTO[SH] ACK[1]
                          Handshake[0]: CRYPTO[EE, CERT, CV, FIN]
                                    <- 1-RTT[0]: STREAM[1, "..."]

                  Figure 5: Example Handshake with Retry

v2.23.0 | Report a Bug | By Email