IETF Logo Mail Archive

Re: KEYS_READY

Martin Thomson <mt@lowentropy.net> Thu, 14 February 2019 02:33 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5057130EDC for <quic@ietfa.amsl.com>; Wed, 13 Feb 2019 18:33:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=TKeU0CDb; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=3dO+pcjB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYigiR1bOPR0 for <quic@ietfa.amsl.com>; Wed, 13 Feb 2019 18:33:27 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A685130EBE for <quic@ietf.org>; Wed, 13 Feb 2019 18:33:27 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id C16F52202A for <quic@ietf.org>; Wed, 13 Feb 2019 21:33:26 -0500 (EST)
Received: from web3 ([10.202.2.213]) by compute1.internal (MEProxy); Wed, 13 Feb 2019 21:33:26 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=message-id:from:to:mime-version:content-transfer-encoding :content-type:references:date:in-reply-to:subject; s=fm1; bh=+5R IYKdzYlqCwu3DVz/0aqgF3djtT33vUEvhC4KKka8=; b=TKeU0CDbIMD2fCNXhWp HK0HMCsb9x2dUEuXicSfk6ic8/PTC6gAL8lN8NoSMzX5E6xxhyip3fiJ3LzMKdIl HDY+vPLm5QkjiNF7iUDNqE6P3z7DCqrY/aOBu6mQIB8HWSrECx7BYx0ELnfSdPst qTmMRku8HnC0uTuauHqUrf22VOgAbKTUwLpWlgY20eEgNcgJ06w1VgU3aQcrIR51 L7UlPH6geECLSY//EN4wsRzW03KL2tfi4/lZsnCW9CHYOIo2BKH0iEWTy/IfjClY 17M+WV2L9L7lcMXpZO5LR5s7uh6ucx8/tFYDVn2Qtv9PKKjfsnVT4bajd7+lxkUU 69Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=+5RIYKdzYlqCwu3DVz/0aqgF3djtT33vUEvhC4KKk a8=; b=3dO+pcjBRfg4EBtRs/npFaYQhDRKb2pEt5nGlCNl+j5qaH2ZUEwnbnkcq IxEWW0Jyg3jpdKy+5DmXiVZ0pFHMDa0C4M5VFOCx0l8x3GqYECzFMyujZBToEWEl Jtfjvq4KVM1OR5bkgTxwWah/C9gvBnC6KHwl9zMYKHcmhu2hOCXFB9abMjx/nl6T tz/Ms7PwQe2JK3W2xeabF7uK4seVuaLUr8vh6DEJy/DU8yN/iL5oM2wn7gFkdukB epOPaE3M2vpGA5GTd99Eee8QSI7V2KXkSTSqlFgq8BtMgaIhUmyYLbMvVmiIbKHZ 4SIymlYNH1Y73pNlml8dpgAaXS5KA==
X-ME-Sender: <xms:dtNkXKtj0X5q1OX3qAPzCgrHxT-u6opDv6k8jofpKdBAvwUreWCnEg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledruddtgedggeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecunecujfgurhepkffhvfgggfgtofhfffgjufesthhqredtredtjeenucfhrhhomh epofgrrhhtihhnucfvhhhomhhsohhnuceomhhtsehlohifvghnthhrohhphidrnhgvtheq necurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtne cuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:dtNkXLcPDyu6iXMYbcpAXw6kcaI-O_6SEymImk6mm3YsPjIVBj3uRQ> <xmx:dtNkXH9r_44m1yWtwcmeYQMNJzwpxTYHuHvDErShINkZjZwOAvDyEQ> <xmx:dtNkXGS_HMuaPTw8YmEkKmhrDXm9M-xwBEGG5TF69mMjNDt6IdpLVw> <xmx:dtNkXPqNEDDsliMofO5hD2c2TxVFzgKyeyGIh8y8GzuP--jnqmImpQ>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 616B09E560; Wed, 13 Feb 2019 21:33:26 -0500 (EST)
Message-Id: <1550111606.3717440.1657643080.033E200B@webmail.messagingengine.com>
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-e97eb308
References: <1550022355.557617.1656828112.4DD1CEE6@webmail.messagingengine.com> <CANatvzy_juza_meGR_-KuBV9FA=F754mv54aawxMb8hYWxb1gA@mail.gmail.com> <CAN1APdcVYKWuapZ3XHxXa_nVACwkRD-xeF3ub-5ROttE7QVrmQ@mail.gmail.com> <CAOYVs2ooxAuwu_zr2XZ-y9UqUP5kTbjoFrckAOi40bF9vODGOg@mail.gmail.com> <CAKcm_gNk=jKrnXM4Ht4yF0RX25wtVifjxz0c1gay0uie7PMw6A@mail.gmail.com> <CANatvzxBYzEaDZ1Ftt=o1zT5zVcVTd1EwtGiJOC-mkrNUWzVAQ@mail.gmail.com> <CAN1APdfzepc9DE98UsWw=hB4dM38qKLxdAjpsYuddDBatcscDA@mail.gmail.com> <739AFC55-DD02-47AA-A29E-B9C34ED7D6F9@gmail.com> <CAN1APddWLdmRo+ZZDnmvrBEFQk4TTcS3UK_9AU4KqAeSkiBvJQ@mail.gmail.com> <375A63C5-7120-4688-8873-EEA90693332E@huitema.net> <CANatvzxoOFzpkcH_4VpQscpZq8ak0QL0D6REvyJVjE+ga97SVQ@mail.gmail.com>
Date: Thu, 14 Feb 2019 13:33:26 +1100
In-Reply-To: <CANatvzxoOFzpkcH_4VpQscpZq8ak0QL0D6REvyJVjE+ga97SVQ@mail.gmail.com>
Subject: Re: KEYS_READY
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/P9Q2jdC1I6xZFAXjMsAgXX27-n4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 02:33:36 -0000

A few different responses...

On Wed, Feb 13, 2019, at 23:59, Marten Seemann wrote:
> I agree with Kazuho that using a bit in the first byte seems to capture the
> update logic we're looking for better. There's no need to retransmit any
> information, since the bit is set on every subsequent packet.

I was OK with that PR, and while we might go back and forth on the merits of using a bit vs. a frame, the consensus in Tokyo was that the frame was superior.  Also, this solves more problems.

On Thu, Feb 14, 2019, at 02:48, Kazuho Oku wrote:
> IIUC key updates are rare, and therefore the frame can be non-ack-
> eliciting. FWIW, the current design does not elicit an ACK in response 
> to key update.

I used the opposite logic.  Key updates are rare and therefore eliciting an acknowledgment does not cost much.  It's one packet per update.  The interesting thing there is that you guarantee that KEYS_ACTIVE frame is sent, so maybe the text about not sending it until you have something to send is not needed.

On Thu, Feb 14, 2019, at 09:09, Kazuho Oku wrote:
> 2019年2月14日(木) 3:20 Christian Huitema <huitema@huitema.net>:
> > The more I look at it, the more I think that key update / key ready should be treated in much the same way as path challenge / path response.
> 
> I am not sure if I like that alternative, primary because it does not
> seem right as a way to drop Initial, 0-RTT, Handshake keys. We are
> trying to address two issues at once; how to drop those keys in lower
> epochs, and how to do key update correctly.

The test we are looking for is whether a peer can read packets with a particular key.  You can test easily if they can write packets with a key because you receive a packet protected with that key.

PATH_CHALLENGE/PATH_RESPONSE have baggage, so I don't want to use those.  A new challenge/response could work, but it doesn't offer much over a simple assertion (which is what the proposed frame is).  If the assertion is wrong, then the consequence is a broken connection, so there isn't much incentive to get this wrong.  PATH_CHALLENGE/PATH_RESPONSE contain a field that protects against lying, because there are scenarios in which lying provides advantage (that is, the "DoS this IP please" case).

v2.23.0 | Report a Bug | By Email