IETF Logo Mail Archive

Re: Alternative ways to keeps ODCID on the server

Marten Seemann <martenseemann@gmail.com> Sat, 25 January 2020 04:42 UTC

Return-Path: <martenseemann@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6282F1200F3 for <quic@ietfa.amsl.com>; Fri, 24 Jan 2020 20:42:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x4_D-mRNLfv0 for <quic@ietfa.amsl.com>; Fri, 24 Jan 2020 20:42:09 -0800 (PST)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C15012004E for <quic@ietf.org>; Fri, 24 Jan 2020 20:42:09 -0800 (PST)
Received: by mail-lf1-x133.google.com with SMTP id f24so2627975lfh.3 for <quic@ietf.org>; Fri, 24 Jan 2020 20:42:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QvhUZ4RbHACo7TDTJIC/pfilale4gR0jnft3OZlXqJU=; b=Nxd9QbKe/honZp3jKfW7DPlLa8dlEMB0Cv9RfUCMjfYtKGTwfHb8k16DAt6yxbHRnD bKxrJ6vHLCewE3RQKVYoPRUomuxtu2YDeakNJx1oc773Zed/2HpM7wgkOI6w1I/J1xRb HUXKWlEbHwK76vz1iGQx02olWB1NlWxAm39Hu+QoUrTkxblxgE5NCceI2I7qD3+7pv0c l+2zKdGXpmi8my26T5XILNO/5AH8LOJiO+SuqrOyjagT2Scm5r3TV3+NTrhhRDxF+EWH 6pRCVN4E8i+Q+cErzmTDu5dlJw09Xo04P+nIBcuI3u1BYGZ8cXslftvJ3NjfzupYHqaL LKfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QvhUZ4RbHACo7TDTJIC/pfilale4gR0jnft3OZlXqJU=; b=M2wQamEyLPLAACpIBX85BHpN0CwsGI3/6szg0pkWLp0BN3ECDRzpPlgwEW6lzXeU6S PD7+zIybKTVoCYLuXpOlRHwzI92+3/qB+PlhOadt1me4i0A67QCbtI8KsHftfQC68ddw fecU26x/RLosUQwirtEBdlxAZqjq7U6+rpuPSn7ZwqfsUeZApvVNKunO3w27+fzWbPd7 iEBBOuf6gS0JYg1HaFwYSJ6fXSyXPqnXgirz1PY1NQwoD96kRj6dT/yLucItuTejKGXM ZcEr2Cr+ARirqK19wv6fLRqJtkC87cWxeA59Hhj0mu7Uq2GWOkNr4n4sZE+By/ZDT6gu GVhQ==
X-Gm-Message-State: APjAAAVe4dYoRe25qd8rx56KtZpDQ9YdZLQAhNt8Dh7zR0ivsl0RjKtK aHT2Kp8F7VdZBlVH0PRTxehAgKqdsoy+O5zMe0Eve2su
X-Google-Smtp-Source: APXvYqwdLkrALNump5wCKQD8Zt0DMNUNxuWMBdEtTuwI7OevjK4qEvSunbRX+snBCJnX7q3TCIGfMQer5qaOi/ZcFvE=
X-Received: by 2002:a19:4849:: with SMTP id v70mr3090139lfa.30.1579927327349; Fri, 24 Jan 2020 20:42:07 -0800 (PST)
MIME-Version: 1.0
References: <20200124222434.GA8279@ubuntu-dmitri> <7b228c14-c0d3-6458-77ab-945e713ef429@huitema.net>
In-Reply-To: <7b228c14-c0d3-6458-77ab-945e713ef429@huitema.net>
From: Marten Seemann <martenseemann@gmail.com>
Date: Sat, 25 Jan 2020 11:41:55 +0700
Message-ID: <CAOYVs2qhPBtbjrVEXE+oMXWUWRBqhzDfZsiOatRW5Zd67e1sWg@mail.gmail.com>
Subject: Re: Alternative ways to keeps ODCID on the server
To: Christian Huitema <huitema@huitema.net>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001e1efe059cef7fd4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Wj8VAcK6LhWt40mqvlKj_cyD6Rw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2020 04:42:11 -0000

Then it's not a *Retry* token, then it's a NEW_TOKEN token.
It's a kind of subtle distinction (as I noted in
https://github.com/quicwg/base-drafts/pull/3107#discussion_r349859380).

On Sat, Jan 25, 2020 at 9:18 AM Christian Huitema <huitema@huitema.net>
wrote:

> On 1/24/2020 2:24 PM, Dmitri Tikhonov wrote:
> > Hello,
> >
> > PR 3107 introduced the following text:
> >
> >    If a server receives a client Initial that can be unprotected but
> >    contains an invalid Retry token, it knows the client will not accept
> >    another Retry token.  The server can discard such a packet and allow
> >    the client to time out to detect handshake failure, but that could
> >    impose a significant latency penalty on the client.  A server MAY
> >    proceed with the connection without verifying the token, though the
> >    server MUST NOT consider the client address validated.  If a server
> >    chooses not to proceed with the handshake, it SHOULD immediately
> >    close (Section 10.3) the connection with an INVALID_TOKEN error.
> >    Note that a server has not established any state for the connection
> >    at this point and so does not enter the closing period.
> >
> > The problem with the "server MAY proceed" part is that the server's
> > transport parameters MUST include original_connection_id.  If ODCID
> > cannot be extracted from the invalid Retry token, then the server
> > cannot let this connection proceed.
> >
> > Questions:
> >
> >     1. The Retry token seems like the obvious place for the server
> >        to store ODCID.  Is there an implementation that does something
> >        else (state on server)?
> >
> >     2. Should we spell out this caveat in the draft?  I.e. "server MAY
> >        proceed if it possesses ODCID."
>
>
> What if the Initial packet carried a token from an expired NEW TOKEN frame?
>
> -- Christian Huitema
>
>

v2.23.0 | Report a Bug | By Email