Review of draft-jholland-quic-multicast-02
Martin Duke <martin.h.duke@gmail.com> Thu, 18 August 2022 00:42 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19936C14CE3D; Wed, 17 Aug 2022 17:42:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7-bFw1cgAJ4c; Wed, 17 Aug 2022 17:42:10 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA8A7C14CF1D; Wed, 17 Aug 2022 17:42:04 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id cb8so161184qtb.0; Wed, 17 Aug 2022 17:42:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc; bh=Q+w6ly6AMimBckSfyHm5Qyk4K907xopeckzRO2p42Dg=; b=b0im/ZrPceA0cJkJDsO4VW3QdIUZLV5DNdwCSPY9hb1EXi6q7fiiZk8Lu9e0zrrFkd BdGi/gWuEv6xSfVCSsCBL0JOaqO/TNWFR2oP7nRabiUH/mP63agnDzYPFHpiwJfbSfRV nUwyTAAdCjIXm3Qv1SpkVyab4XR2mxZegICOrIBBEMKPL4zMaeCXVdjI0J1CK2iLykBz baKx/Tr/DRYbytEyZ2zDT9m9sT995JJfiXrXxQsDG1V0HQse/BodzfwXEnjBP4nesKf0 zPCT9rwlGlHEyucK4SmOWkPOdemm8MIyy5WPYE7hNew7esHzUYyKilCX1T+2jR5aH4Ji dbUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc; bh=Q+w6ly6AMimBckSfyHm5Qyk4K907xopeckzRO2p42Dg=; b=ZOogcy5T6/SOMI1E3BAXoDPszY6tcoQPOC+nfE2IyHuj2kh9IUVSFuxWdZfWnWzSZs 4pKktGSMwktarPVUg/63vY2QPq+C+8OLczdxLJyc6kFQ7PWLMffijGHSJ5HxjUNw+cmm 3z6mJK9woSIPzhhv2HYFsbR+FIob4cX8bK3lq/v/zNgdY8zRMg0wGrP/gp0Fjo22DP7W pDdYeIwGf7MOpgZcRDNPorNRzL8G55rVfXWlpBW0fIFhAK9+n9fh/UNLiDHLm2YR9vnW KiW+YTBG4nGySGrEJ5staBKgCkg4AnwBkS/X262TXq80ca2Y8jCKxjBEHMxBjwocHjtM CJOg==
X-Gm-Message-State: ACgBeo2ICY+5ARwNPq6FA3MMQolkX/Q91DPPXrKmb0NjQdKKhRZBKidP y24tCA3pCgQ6cph9w2AScF1pWe1KNejOgnkMX0nfwZcwmBA=
X-Google-Smtp-Source: AA6agR73BEXECzVlQZzFYntRqgOgSPZtzskJhOPqtrSJP8Taa8g7YTf1y71HpJCeCCVO/JwBFMAUCEsaw5Z5WxjJrDA=
X-Received: by 2002:ac8:5749:0:b0:343:79d8:f20d with SMTP id 9-20020ac85749000000b0034379d8f20dmr740624qtx.126.1660783323372; Wed, 17 Aug 2022 17:42:03 -0700 (PDT)
MIME-Version: 1.0
From: Martin Duke <martin.h.duke@gmail.com>
Date: Wed, 17 Aug 2022 17:41:52 -0700
Message-ID: <CAM4esxRm4W9Fq9W1ZdbXCHTtOEuLp0Ft3nJogkgDWMSPB5_aig@mail.gmail.com>
Subject: Review of draft-jholland-quic-multicast-02
To: draft-jholland-quic-multicast.all@ietf.org
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000009de9405e6794014"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Q9dpTo--5PTm66bDBdQdl24-Tyo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2022 00:42:11 -0000
With no hats, IETF or Google or otherwise: I enjoyed reading this document. I am not particularly knowledgeable about multicast, but found the ideas here to be innovative. Martin High-level comments: ~~~~~~~~~~~~~~~ - I don't really understand the workflow here, and I wonder if explicit discussion of what you're expecting the application layer to do would be helpful. Let's say a client connects to liveevents.example.com. Say the server has 100 different programs, each with 3 channels corresponding to different data rates. This is a very push-oriented model. The server uses MC_ANNOUNCE, potentially to list all 300 channels. It can't send MC_JOIN to all of them, since that would violate capacity limits, so it has to divine what the client wants. Presumably this is being driven by an application-level request protocol (HTTP or whatever) that allows the server to tell QUIC what channel to push. Is this right? - Relatedly, I don't understand why MC_ANNOUNCE and MC_JOIN have to be different frames. There could be a super-frame that has all of this (in addition to MC_KEY information, though that frame also has to have a separate incarnation for re-keying), which would streamline the client state machine considerably. Put differently, I don't see the value of the "unjoined" state. - I haven't thought it through fully, but I am concerned about the possibility of actual Join/Leave state changes becoming desynchronized with IP-level multicast group joins and leaves. Have you worked through the various combinations of a client misbehaving here, doing one but not the other, and convinced yourselves it'll all be fine? - (4.4) It might be useful for MC_ANNOUNCE or JOIN to have up-to-date stream information; how many streams are open, and what is the highest index. In practice, I don't see how a server could support two channels on one connection unless channels are assigned unique stream ID ranges. It would be useful for MC_ANNOUNCE or JOIN to contain stream information (max number of open streams, highest stream ID) so that the client could update its flow control and make a better decision about joining the channel. - (6) How does the client measure packet loss? It's worth pointing out that there is no receiver packet loss detection mechanism in QUIC, so this has to be invented out of whole cloth. Reading between the lines both here and in the MC_INTEGRITY section, I think you have an implied requirement that servers MUST NOT skip packet numbers in the channel; if so, write that down. - (10.2) I can almost figure out for myself why normal key phase rotation would be insufficient, so that you need MC_KEY, but it would be nice for it to be written down. Straightforward stuff to fix ~~~~~~~~~~~~~~~~~~~ (3) I take it that if MC_LIMITS says that both IPv4 and IPv6 are disallowed, this is a way of turning of multicast capability after having initially advertised it, or vice versa? Or is setting both to zero not allowed? (6) Please specify what frames count against cwnd -- I would imagine everything except MC_ACK. (7 and 10.5) IIUC, it's fine for MC_INTEGRITY frames to be sent on the channel, but it's important that the "root" MC_INTEGRITY frame is sent on the unicast channel. Otherwise, channel A could send MC_INTEGRITY for channel B and vice versa, and I believe that would not be effective against the threat model. (10.1) "Header AEAD algorithm" is a weird way of putting it. It's not an AEAD algorithm; instead RFC 9001 designates an header algorithm (AES-ECB or raw ChaCha20) depending on the AEAD algorithm used for payload protection. - Is it intended for MC_ACK to be any less than once every two packets, or are you take the ack-frequency extension and extend it to MC_ACK? (10.8) "After retiring a channel, the client..." makes it sound like the client sends MC_RETIRE. How about "After receiving MC_RETIRE,..." To add to your explanation about RETIRE_CONNECTION_ID, this frame is sent by the creator of the connection ID, which receives packets with that CID. The valence here is different: the creator of the channel ID is also the sender. Nits ~~~ (5) "Desynchronized Limit Violation" should probably be capitalized and added to the registry. (12.1) If it's convenient for some reason, the server could also send preceding data on that stream on the unicast connection to catch the client up.
- Review of draft-jholland-quic-multicast-02 Martin Duke