Re: Alternative ways to keeps ODCID on the server
Christian Huitema <huitema@huitema.net> Sat, 25 January 2020 05:11 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E021C12011C for <quic@ietfa.amsl.com>; Fri, 24 Jan 2020 21:11:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xKvgTUZ28ES for <quic@ietfa.amsl.com>; Fri, 24 Jan 2020 21:11:00 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A00AC12004E for <quic@ietf.org>; Fri, 24 Jan 2020 21:11:00 -0800 (PST)
Received: from xse76.mail2web.com ([66.113.196.76] helo=xse.mail2web.com) by mx105.antispamcloud.com with esmtp (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1ivDih-000858-FP for quic@ietf.org; Sat, 25 Jan 2020 06:10:58 +0100
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 484PH200lHzDPr for <quic@ietf.org>; Fri, 24 Jan 2020 21:10:54 -0800 (PST)
Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1ivDif-0007MZ-SN for quic@ietf.org; Fri, 24 Jan 2020 21:10:53 -0800
Received: (qmail 9842 invoked from network); 25 Jan 2020 05:10:53 -0000
Received: from unknown (HELO [192.168.1.105]) (Authenticated-user:_huitema@huitema.net@[172.58.46.251]) (envelope-sender <huitema@huitema.net>) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 25 Jan 2020 05:10:53 -0000
To: Marten Seemann <martenseemann@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
References: <20200124222434.GA8279@ubuntu-dmitri> <7b228c14-c0d3-6458-77ab-945e713ef429@huitema.net> <CAOYVs2qhPBtbjrVEXE+oMXWUWRBqhzDfZsiOatRW5Zd67e1sWg@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Subject: Re: Alternative ways to keeps ODCID on the server
Message-ID: <ee0f625b-b260-9e3d-12b6-80291fc110eb@huitema.net>
Date: Fri, 24 Jan 2020 21:10:53 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <CAOYVs2qhPBtbjrVEXE+oMXWUWRBqhzDfZsiOatRW5Zd67e1sWg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------6644F2EAA31BD141E322892E"
Content-Language: en-US
X-Originating-IP: 66.113.196.76
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.76/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.76/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0Xm17NJf4el5vffImWwWrhCpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDcnqpk5VeF3xR4kF6iVwRtbgN zB/4Jkrw1eDLcif59fszEzXKmn63swpHo/PelNqAU7Tmz6iKnkQL9gqsxD347235Nhqq+/HvroPq 8GSPg+60/QPNqXybIny9WGhadIo/G0KF6HkLuWi8fS7fvK7Hsbyme9ldZJ7uNXfg/GfS8fUvP/L5 rCqHDsKZM+xa1iwJX+gRCHfMVnsAk591zk0uilUI+ZL4xWiN8NS6C+dmX6OEdA4u1aThyWrQ/ou2 +v/lmX4Em37yFgrCB6NHRn1g+f3uncIqYSL3lhh5c81YyJqFoLZMmkWsaurVZfvqROaDnDtHb8z5 dpPkEuJ8Snwqla7jUnW3hy14Yji8fo+4xCnSRo4Rcu5Z37rMuDjCny5fE9ykbJ7I9co1MAEE3ruN Xsm8UJsAPvDcVSKtDCYkioPY5Qx4fJOk03R5fJtf/Dv/dkIzS7m4GUpXCY1Y3j3ilWEbX+OBfQvZ a2Z4uSB28NLsVfldh9QC5asKXSds+jxTE2178q9+io3QjGp37HglmXgGKVfhC8zq9PE22YzskJf0 lSfuxANzRU5MAZzTOSGBXmU+7Bi0hHs5Xv3mbYdSg/KY2AXNZGS5G93aGyH8MqMNONNOB63tZ91H 4Bn0Oix6QdNdUv0AhDIVja4pEVuz/JxMPnetLBJMh51NiRRoHIAB2kNBUEwtDRIYyiaSWeh/miK7 x42VjdzChZMe6O/DiWiiIzuXMTE3l4bIsk+O50vnufqXdvUcknHtggd4AM9V08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/KjTvDi-sE4kROh-K-emWRvFdk2w>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2020 05:11:03 -0000
On 1/24/2020 8:41 PM, Marten Seemann wrote: > Then it's not a *Retry* token, then it's a NEW_TOKEN token. > It's a kind of subtle distinction (as I noted in > https://github.com/quicwg/base-drafts/pull/3107#discussion_r349859380). I understand that they are different. But look at the text in draft-25: If a server receives a client Initial that can be unprotected but contains an invalid Retry token, it knows the client will not accept another Retry token. The server can discard such a packet and allow the client to time out to detect handshake failure, but that could impose a significant latency penalty on the client. A server MAY proceed with the connection without verifying the token, though the server MUST NOT consider the client address validated. If a server chooses not to proceed with the handshake, it SHOULD immediately close (Section 10.3 <https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-10.3>) the connection with an INVALID_TOKEN error. Note that a server has not established any state for the connection at this point and so does not enter the closing period. Invalid is invalid. An invalid token is something that the server cannot parse. The server does not know whether the client got the token from a retry packet or a new token frame, or just made it up with random bytes. -- Christian Huitema
- Re: Alternative ways to keeps ODCID on the server Christian Huitema
- Alternative ways to keeps ODCID on the server Dmitri Tikhonov
- Re: Alternative ways to keeps ODCID on the server Marten Seemann
- Re: Alternative ways to keeps ODCID on the server Christian Huitema
- Re: Alternative ways to keeps ODCID on the server Ian Swett
- Re: Alternative ways to keeps ODCID on the server Dmitri Tikhonov
- Re: Alternative ways to keeps ODCID on the server Dmitri Tikhonov
- Re: Alternative ways to keeps ODCID on the server Kazuho Oku
- Re: Alternative ways to keeps ODCID on the server Marten Seemann
- Re: Alternative ways to keeps ODCID on the server Christian Huitema
- Re: Alternative ways to keeps ODCID on the server Marten Seemann
- Re: Alternative ways to keeps ODCID on the server Kazuho Oku
- Re: Alternative ways to keeps ODCID on the server Christian Huitema
- Re: Alternative ways to keeps ODCID on the server Eric Rescorla