Re: Confusion about PR#3499

David Schinazi <dschinazi.ietf@gmail.com> Fri, 08 May 2020 23:34 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDDC13A0E8D for <quic@ietfa.amsl.com>; Fri, 8 May 2020 16:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V11vy-qqwkV5 for <quic@ietfa.amsl.com>; Fri, 8 May 2020 16:34:33 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2CD73A1013 for <quic@ietf.org>; Fri, 8 May 2020 16:34:32 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id h4so3427462ljg.12 for <quic@ietf.org>; Fri, 08 May 2020 16:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UlIPjQzY0cMRNDlcXgRkIW+PyenjvhgvieNGODFdUZM=; b=H9AnLSZER1W72VTF+7VtCgr/s/DaqvihVttycbCapM4knWPLVR6ZLmT8xfcDfSnSXT /6OLKneEB9Psls9F1zAYSYSW+513RQQIxlQ+9QY4T0vyA1t8hfyuipG5Wq/dFRITGR2c AXtKjTowMSExaNgLnLbOV4Mbd+cK/08EgV/W7p6FbkOspbw+J8a3HBlhqdLZzp5E51KN LNClb6lHyrZr7QQb4BJ9YwTJXjbjpHNQn+6ufa4GwoYalW6MXx/1cc/uV80HukA3/e1v fQtVB1bwi/ZXhRJoZmpT4SBPfx66zrfzk+yuD/sJ5JHfMKaYwu4ZivyKdqcHqoG3WF6O iG2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UlIPjQzY0cMRNDlcXgRkIW+PyenjvhgvieNGODFdUZM=; b=JxltBnzD+Mj0YlZ4/Jp8ckwxiIuHkif9FtgdAXwcgNfJwJtSlFPu0Dq3RZLDFOMFcf LIr2yA33UJ7GIE7ocgoFLXr1Zw3Dzt9h2jH13lTVEyQRvXlVTOgFKZolRIx74CF5BIuI kvGbHbkCEpxucP+MrfRj/x9+hCT8dqOGPfbA9S1y8RIzeuNWSGaZ5I8bcYlQnGrDPRjV jqumIfmItr3GTR5OJq1BkKXcbVN/00e4PBNP5Rj/udzsVOMFkb2+0jkkVSoPFP9r/G0i Qaqc9nVWI7vGhhg8vj+wphKKRRwEcqEiYJpM2YA+E+x9RnLgy5amddeiU6zoFDAQp1pk 8HlQ==
X-Gm-Message-State: AOAM531a8g7+Ylo3xK50tiZlmBVEnN1m8+6nOh4NpuuUH/bzN1SieKSc hFChClAVZwSntqEemz4NSPiR+IlvUHkQpHCgLIk=
X-Google-Smtp-Source: ABdhPJwIA1C3CSJdGC8gARlVD5KsgrMtArXq52h2VQkYeZ8DgS51QOhOQpxVbES6ipKlYV0wWr88HiP5m2BXfujRA5g=
X-Received: by 2002:a2e:7a08:: with SMTP id v8mr1300804ljc.66.1588980870911; Fri, 08 May 2020 16:34:30 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBMw0TvSER9p3anohvm-hq=PZ03ayH+NZfBQ5RfMsxx_EA@mail.gmail.com>
In-Reply-To: <CABcZeBMw0TvSER9p3anohvm-hq=PZ03ayH+NZfBQ5RfMsxx_EA@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 8 May 2020 16:34:19 -0700
Message-ID: <CAPDSy+6uTohUwK7uUvD9knt3QQTPUKnwVxyg-vNtzgyGXM+jmg@mail.gmail.com>
Subject: Re: Confusion about PR#3499
To: Eric Rescorla <ekr@rtfm.com>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005d9a6c05a52b70a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Safle2U5RHIBnCbJc-v6C6shARk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2020 23:34:37 -0000

Thanks for the review Eric!

Some thoughts:

1) initial_connection_id
Unless I'm missing something, all Initial packets that an
endpoint sends on a given connection use the same
source connection ID, regardless of this PR.

I agree that we should resolve the discrepancy between the
two definitions of initial_connection_id. I would use something
like
    "The value that the endpoint included in the Source
    Connection ID field of the first Initial packet it sends"
in both places.

2) original_connection_id
Similarly, the client uses the same DCID on its first flight of
Initial packets (and retransmissions thereof) until it
receives something from the server that makes it change it.

I also agree that we should clarify the discrepancy. I would
use something like
    "The value that the client included in the Destination
    Connection ID field of the first Initial packet it sent"
in both places.

I made note of these comments on the PR.

David


On Fri, May 8, 2020 at 3:33 PM Eric Rescorla <ekr@rtfm.com> wrote:

> OK, I'm trying to make sure I understand this PR correctly. It's
> possible I'm just misunderstanding a lot of stuff, but as I go through
> it, I'm finding things that are confusing to me.
>
> Let's consider the following simple handshake, with each
> flight being one arrow below:
>
>    Client                                 Server
>
>    Initial [CH] SCID = C1, DCID = S1 ----------->
>    Initial [SH] <----------- SCID = S2, DCID = C1
>    Handshake [EE...]  <----- SCID = S2, DCID = C1
>    Handshake [CFIN] SCID = C1, DCID = S2 ------->
> >
> Now, based on this text, let's try to populate these fields.
>
> The client sends only initial_connection_id, which is defined
> variously as:
>
>   Each endpoint includes the value of the Source Connection ID field from
> the most
>   recent Initial packet it sent in the initial_connection_id transport
>   parameter; see {{transport-parameter-definitions}}. A server includes the
>
> And:
>   The value that the endpoint included in the Source Connection ID field
> of the
>   first Initial packet it sends during the handshake; see {{cid-auth}}.
>
> Note that these definitions are actually in conflict, because the first
> says
> it's the most recent Initial packet and the other says the first Initial
> packet. However, as it happens only one Initial is sent, so it doesn't
> matter.
>
> So initial_connection_id = C1
>
>
>
> SERVER
> The server also sends initial_connection_id, which is S2.
>
> It also sends original_connection_id, defined as:
>
>   parameter; see {{transport-parameter-definitions}}. A server includes the
>   Destination Connection ID field it receives in original Initial packets
> from the
>   client - Initial packets received by the server prior to sending a Retry
> packet
>   - in the original_connection_id transport parameter. After sending a
> Retry
>   packet, a server also includes the Source Connection ID field from the
> Retry
>   packet in the retry_connection_id transport parameter.
>
> And
>
> : The value of the Destination Connection ID field from the first Initial
> packet
>   sent by the client; see {{cid-auth}}.  This transport parameter is only
> sent
>   by a server.  The value of this parameter depends on whether the server
>   sent a Retry packet; see {{packet-retry}}.
>
> And
>
>   A server always includes an original_connection_id transport parameter.
> If it
>   sends a Retry packet, the server MUST subsequently include the
> Destination
>   Connection ID field from the client's original Initial packets - packets
>   received by the server prior to sending the Retry packet - in the
>   original_connection_id transport parameter. If the server did not send a
> Retry
>   packet, the value of the original_connection_id transport parameter MUST
> be
>   copied from the Destination Connection ID field of the most recent client
>   Initial packets.
>
> So again, we have an inconsistency here between "first Initial packet"
> and "most recent client Initial packets". In the handshake above it
> doesn't matter, but consider what happens if the server's Initial spans
> more than one packet and the client sends an ACK. As I understand it, that
> would look like this:
>
>    Client                                 Server
>
>    Initial [CH] SCID = C1, DCID = S1 ----------->
>    Initial [SH1] <---------- SCID = S2, DCID = C1
>    Initial [SH2] <---------- SCID = S2, DCID = C1  // LOST
>    Initial [ACK] SCID = C1, DCID = S2 ---------->
>
> So now we have two Initial packets with different DCIDs. Which one
> goes in this field? Or have I forgotten how ACKs work with Initials?
>
> I've got some further questions, but I'd like to get unconfused about
> this before I keep going.
>
> Thanks,
> -Ekr
>
>
>
>
>
>
>
>
>