IETF Logo Mail Archive

Re: Split error codes in two

Jana Iyengar <jri@google.com> Wed, 06 September 2017 00:59 UTC

Return-Path: <jri@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194CE132E41 for <quic@ietfa.amsl.com>; Tue, 5 Sep 2017 17:59:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiRQpFvsKJks for <quic@ietfa.amsl.com>; Tue, 5 Sep 2017 17:59:34 -0700 (PDT)
Received: from mail-yw0-x232.google.com (mail-yw0-x232.google.com [IPv6:2607:f8b0:4002:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E96DA1252BA for <quic@ietf.org>; Tue, 5 Sep 2017 17:59:33 -0700 (PDT)
Received: by mail-yw0-x232.google.com with SMTP id s62so2377496ywg.0 for <quic@ietf.org>; Tue, 05 Sep 2017 17:59:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=79kLrHUTKJbDekg5y/+ZqwuHYIt0fXOaB4KsSb4c18o=; b=a4Qa8VPWczFvsx1KjO4x6M2eudmB7k6xJI0FmKrQDOrU2sJGqXekOq+HWl/jK6BzyJ OlEaSeCBs1IeWz0F3FDSIqUhbj3eyc5OI9BVSN/qQK9KlveVap/qNAwFtc0fnNV0TnT7 qLwCwOWwu+AstYYHcOUc2WrMpw+FKjHRZbwTuVASk+pRAI6KdcsuPSCqVu+BK0t7m6HV D8saaDwKelO3lt6QfyhHfioWM6rc6YcusUBgrSK7PFGZlrg6ADWBqw0KLCwad/nBJWp2 iJrdH4JS9YbrNN3vUwOf/3AnUR5jVW1ZHLhK2WEXOue5UJqKV9hpDJzPAMEOd1p8HrZP loYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=79kLrHUTKJbDekg5y/+ZqwuHYIt0fXOaB4KsSb4c18o=; b=nxmIneH0FsgS2p5fuWxJYEith757IZSWrxdRAl2elAv8C996an+e2FH3ztz+JC4EAG jfN/weqlbU2W0H5uhu1/6FTKXQrEKJmwiEpukf9WrJo+z2r/Hy1M+gjD1Llc/+rT0IY+ Fn2fNJd7CrBqY8J56QXtqH7jJ4FFix9oaWEbpOQ2OBDnLmC/hUjfrifrC3QBsM7MFSgl HXBjfcIAodf7fo4hRdHr8SZEtuw4V7BCLwUU11QZ5y6e7KvILwATLDYuyIbCSYMfJio7 rrghcB83KKtCE6uelWBJc/nJIkilg3wBwwP5smog7H4c1AdYBsL9SOhnzOJoAIxRIzea zl3A==
X-Gm-Message-State: AHPjjUisrWqKNE7PC0rhUYWXy5IKmDUvY+lFrY/V7ppUGdcNaVhA9S0n tMwiibLkruEX7faJ09bvcZfucyxsQfv/
X-Google-Smtp-Source: ADKCNb5IZMPsHG2ERQKiRrGAgrz19+AVDABnIkkSX0AyG/gU0YTRddNdVDwZ6YBsgtPumsU4cHcMmR+WIgrusMtosWM=
X-Received: by 10.37.203.207 with SMTP id b198mr755188ybg.226.1504659572831; Tue, 05 Sep 2017 17:59:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.118.133 with HTTP; Tue, 5 Sep 2017 17:59:32 -0700 (PDT)
In-Reply-To: <CACdeXiLS7W8cJbnT=orHkcd9reH=8QqhOzxWnUEpWZmfcdvd2g@mail.gmail.com>
References: <CABkgnnWwGAyHzkST9o9ueVmBw3_TpJun=dv2X+HL2snXSZJgew@mail.gmail.com> <CAAZdMafBWFWtC7A60P1CMm_6nUnbW+_Tx_7re1bAo7Vx2kLdcA@mail.gmail.com> <CABkgnnWphw3k=f3==2y3AhexQCj9Py50SLSEH06nN3MN0SCerQ@mail.gmail.com> <CAAZdMacHC1HKhXMR4G9CKUOmYyQMsQBab+tampP-PG6n_jJZoA@mail.gmail.com> <CACdeXiLS7W8cJbnT=orHkcd9reH=8QqhOzxWnUEpWZmfcdvd2g@mail.gmail.com>
From: Jana Iyengar <jri@google.com>
Date: Tue, 05 Sep 2017 17:59:32 -0700
Message-ID: <CAGD1bZa-h0ZVh7kUYQtG3r93eH6TqRXnQ6YXAcscCrCQHk8LeA@mail.gmail.com>
Subject: Re: Split error codes in two
To: Nick Harper <nharper@google.com>
Cc: Victor Vasiliev <vasilvv@google.com>, QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c0565c6594f6d05587adb02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/PgT7M87OTPSDtsiAGFTeb3xZDhA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2017 00:59:36 -0000

I think this (0-RTT) is a non-issue, but correct me if I'm wrong. This is
really about sending RST_STREAMs, not about anything else. I agree with
Victor and Nick that 0-RTT data cannot simply be retransmitted, but I think
this set of PRs is really about the wire protocol. The way I read it, QUIC
should never be sending RST_STREAMs of its own accord; that should be an
application-controlled mechanism. And to be clear, the only place that's
not true in gQUIC is when a RST_STREAM is received. gQUIC responds
immediately with a RST_STREAM.

In the current draft, we've already changed that requirement: the
application is expected to generate a RST_STREAM in response to a received
RST_STREAM. That leaves the transport requirement of responding with a
RST_STREAM to a STOP_SENDING. I believe STOP_SENDING really is an HTTP-ism
and belongs in HTTP. A transport that wants to throttle the sender on a
particular stream can use flow control to do it.

I think reducing error code space is innocuous, and I'm fine with it.

On Tue, Sep 5, 2017 at 5:07 PM, Nick Harper <nharper@google.com> wrote:

> The approach of treating rejected 0-RTT data like it was lost and
> retransmitting at the transport layer causes problems. As Victor
> mentioned, one of the problems is that the exporter secret changes,
> which is a problem for Token Binding if a client attempts 0-RTT Token
> Binding and 0-RTT is rejected. In this case, the Token Binding HTTP
> header needs to be rewritten to be a signature over the new exporter
> value, when the original stream had a Token Binding header that
> covered the old exporter value. I agree with Victor that on 0-RTT
> reject, streams should be closed.
>
> On Tue, Sep 5, 2017 at 4:31 AM, Victor Vasiliev <vasilvv@google.com>
> wrote:
> > On Tue, Sep 5, 2017 at 7:18 AM, Martin Thomson <martin.thomson@gmail.com
> >
> > wrote:
> >>
> >> On Tue, Sep 5, 2017 at 8:12 PM, Victor Vasiliev <vasilvv@google.com>
> >> wrote:
> >> > On Sun, Sep 3, 2017 at 9:55 PM, Martin Thomson
> >> > <martin.thomson@gmail.com>
> >> > wrote:
> >> >>
> >> >> The basic idea here - one that I believe that we have agreement on,
> >> >> but would like to confirm - is that only applications should be
> >> >> cancelling streams.  In short: if the transport kills a stream that
> >> >> the application was relying on, the whole application protocol state
> >> >> becomes indeterminate.
> >> >
> >> >
> >> > I assume this means only on the wire?  Because you have to close
> >> > the streams both when your connection goes down, and when you get
> >> > a 0-RTT reject.
> >>
> >> I forget where this discussion happened, but the current thinking was
> >> that 0-RTT reject doesn't result in streams being closed.  Instead, it
> >> causes any data that was sent to need to be retransmitted.  Basically,
> >> treat it as lost (though not for the purposes of congestion signals,
> >> waves hands a little).  Does that make sense?
> >
> >
> > That is what the current gQUIC code does, and it has been historically
> > sufficiently problematic that I've been trying to switch us away from
> that
> > behavior.  TLS prohibits automatic resend without explicit opt-in from
> the
> > application, and even then, it's a bad idea.  Application payload may
> vary
> > substantially depending on the state of the TLS connection, so if the
> > connection changes, client's presented identity, the exporter secrets
> used,
> > etc, may become different (and in case of exporter secrets, they will).
>
>

v2.23.0 | Report a Bug | By Email