Re: Split error codes in two
Nick Harper <nharper@google.com> Wed, 06 September 2017 00:07 UTC
Return-Path: <nharper@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00057132E3D for <quic@ietfa.amsl.com>; Tue, 5 Sep 2017 17:07:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hc_63Fjb40bQ for <quic@ietfa.amsl.com>; Tue, 5 Sep 2017 17:07:37 -0700 (PDT)
Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 880C11321CB for <quic@ietf.org>; Tue, 5 Sep 2017 17:07:37 -0700 (PDT)
Received: by mail-qt0-x234.google.com with SMTP id m35so16221209qte.1 for <quic@ietf.org>; Tue, 05 Sep 2017 17:07:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Nj5kIlfIKmHqrk7wQoI+xLFhKH5aE6UNC6Ux5FGLcbk=; b=pSQrNTKa9ZYW5mEwpxzD+i4nNhWmaggrRuqo/fnWBqLWnPB63JGnUQi3qL0f0EkUHJ ae6lPEWIxyBczTWrnYwbYpYo8kRrpgAj77W0BaOlPyPEKrPWgNLbsJY7OIubS60x9XVO XZN48j9stOLedUEyi8ykmlSuHS/ifchblNsMFdfndGex912CDy3H720jxCAube3G/1dW +pGZX47Y5BNGcLgQMfrjnRuklLxiU18KouZW+Qyek5ziVIJdcGuQR9Tf5vcbGA1LQMr0 uJjVsKFwZcsoXb0ldM1uLeqpcbhwfTSXJ0CSc4U4LLjeHBW1i1THG5uK2bHkCm3Mz5RL L0Jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Nj5kIlfIKmHqrk7wQoI+xLFhKH5aE6UNC6Ux5FGLcbk=; b=MWJDYyfJ6CSTcw9X+hQolBvDL6IRQ395n+VnFhmxAhX2ftenlnA0c8Kv0glDuPiL+W virKDMvcX0FMALdBB09NeiKbwdpsf5RW6xrucEzr8p65sVvdjp1dYyrpPVS4fh5KasuP HkBL8kVrUyVV5iwr1eESq6tDEHewBEkzayAyXAq295pkRG9o9vQGwRO23XcOlalgccTR hX55jyQ1AEFmXXrRcFF4Q9kvqbuQQXwS+kBCJMxYqvoaDCBsqeX1MvlPjlSfFwaKN1mJ oSnoYe/CXwcb/+/Cwi/PLrws8t/PUCuW0Wk3j/5XcgYHohYAepeDdM2colvuVZnDPSTr DWtQ==
X-Gm-Message-State: AHPjjUihkMB16i6sKc2H6nMY0iQu1Mc/I5ah/AyjlDtoxykZwd0fhzBb 3u1SBvY4YF7+reTHl8ogdxbQgOxT0hGl
X-Google-Smtp-Source: ADKCNb4P6E6dwd5JktQzK7wnBzQWVyjPuLjgtlQuKQuhocu3Quk/wT95SxIpvB7Yja6F803JhyeC0EzJqlOBZSa+iaQ=
X-Received: by 10.200.41.240 with SMTP id 45mr1176285qtt.284.1504656456379; Tue, 05 Sep 2017 17:07:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.36.138 with HTTP; Tue, 5 Sep 2017 17:07:15 -0700 (PDT)
In-Reply-To: <CAAZdMacHC1HKhXMR4G9CKUOmYyQMsQBab+tampP-PG6n_jJZoA@mail.gmail.com>
References: <CABkgnnWwGAyHzkST9o9ueVmBw3_TpJun=dv2X+HL2snXSZJgew@mail.gmail.com> <CAAZdMafBWFWtC7A60P1CMm_6nUnbW+_Tx_7re1bAo7Vx2kLdcA@mail.gmail.com> <CABkgnnWphw3k=f3==2y3AhexQCj9Py50SLSEH06nN3MN0SCerQ@mail.gmail.com> <CAAZdMacHC1HKhXMR4G9CKUOmYyQMsQBab+tampP-PG6n_jJZoA@mail.gmail.com>
From: Nick Harper <nharper@google.com>
Date: Tue, 05 Sep 2017 17:07:15 -0700
Message-ID: <CACdeXiLS7W8cJbnT=orHkcd9reH=8QqhOzxWnUEpWZmfcdvd2g@mail.gmail.com>
Subject: Re: Split error codes in two
To: Victor Vasiliev <vasilvv@google.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/PnsxG6AlhrdMigWph04MQKvmEsI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2017 00:07:39 -0000
The approach of treating rejected 0-RTT data like it was lost and retransmitting at the transport layer causes problems. As Victor mentioned, one of the problems is that the exporter secret changes, which is a problem for Token Binding if a client attempts 0-RTT Token Binding and 0-RTT is rejected. In this case, the Token Binding HTTP header needs to be rewritten to be a signature over the new exporter value, when the original stream had a Token Binding header that covered the old exporter value. I agree with Victor that on 0-RTT reject, streams should be closed. On Tue, Sep 5, 2017 at 4:31 AM, Victor Vasiliev <vasilvv@google.com> wrote: > On Tue, Sep 5, 2017 at 7:18 AM, Martin Thomson <martin.thomson@gmail.com> > wrote: >> >> On Tue, Sep 5, 2017 at 8:12 PM, Victor Vasiliev <vasilvv@google.com> >> wrote: >> > On Sun, Sep 3, 2017 at 9:55 PM, Martin Thomson >> > <martin.thomson@gmail.com> >> > wrote: >> >> >> >> The basic idea here - one that I believe that we have agreement on, >> >> but would like to confirm - is that only applications should be >> >> cancelling streams. In short: if the transport kills a stream that >> >> the application was relying on, the whole application protocol state >> >> becomes indeterminate. >> > >> > >> > I assume this means only on the wire? Because you have to close >> > the streams both when your connection goes down, and when you get >> > a 0-RTT reject. >> >> I forget where this discussion happened, but the current thinking was >> that 0-RTT reject doesn't result in streams being closed. Instead, it >> causes any data that was sent to need to be retransmitted. Basically, >> treat it as lost (though not for the purposes of congestion signals, >> waves hands a little). Does that make sense? > > > That is what the current gQUIC code does, and it has been historically > sufficiently problematic that I've been trying to switch us away from that > behavior. TLS prohibits automatic resend without explicit opt-in from the > application, and even then, it's a bad idea. Application payload may vary > substantially depending on the state of the TLS connection, so if the > connection changes, client's presented identity, the exporter secrets used, > etc, may become different (and in case of exporter secrets, they will).
- Split error codes in two Martin Thomson
- Re: Split error codes in two Christian Huitema
- Re: Split error codes in two Victor Vasiliev
- Re: Split error codes in two Martin Thomson
- Re: Split error codes in two Martin Thomson
- Re: Split error codes in two Victor Vasiliev
- Re: Split error codes in two Nick Harper
- Re: Split error codes in two Jana Iyengar
- Re: Split error codes in two Martin Thomson
- Re: Split error codes in two Jana Iyengar
- Re: Split error codes in two Philipp S. Tiesel
- Re: Split error codes in two Martin Thomson
- RE: Split error codes in two Mike Bishop
- RE: Split error codes in two Lubashev, Igor
- Re: Split error codes in two Jana Iyengar
- Re: Split error codes in two Subodh Iyengar
- Re: Split error codes in two Jana Iyengar
- Re: Split error codes in two Martin Thomson
- Re: Split error codes in two Subodh Iyengar
- RE: Split error codes in two Lubashev, Igor
- Re: Split error codes in two Martin Thomson
- Re: Split error codes in two Jana Iyengar
- RE: Split error codes in two Mike Bishop
- RE: Split error codes in two Lubashev, Igor
- Re: Split error codes in two Christian Huitema
- RE: Split error codes in two Lubashev, Igor
- RE: Split error codes in two Lubashev, Igor
- Re: Split error codes in two Roberto Peon
- Re: Split error codes in two Martin Thomson
- RE: Split error codes in two Lubashev, Igor
- Re: Split error codes in two Martin Thomson
- RE: Split error codes in two Mike Bishop
- Re: Split error codes in two Martin Thomson