Re: CLOSE_STREAM redundancies
Matt Joras <matt.joras@gmail.com> Tue, 04 July 2023 22:15 UTC
Return-Path: <matt.joras@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54820C14F748 for <quic@ietfa.amsl.com>; Tue, 4 Jul 2023 15:15:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VadoEm0RNyH for <quic@ietfa.amsl.com>; Tue, 4 Jul 2023 15:15:23 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BEC8C14EB19 for <quic@ietf.org>; Tue, 4 Jul 2023 15:15:23 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id 38308e7fff4ca-2b698937f85so101211611fa.2 for <quic@ietf.org>; Tue, 04 Jul 2023 15:15:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688508921; x=1691100921; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sghSfdh8z+GioEMUSoroQVtFHIyy2g3vw1d3VlH2bBo=; b=RHzKqxPI4wx9La+o8qrrWlWck6/KKR3wc6tg9VzLPSieOb8+OrW/ofmBj3nrU3LPxk P3JLPTdZeGE0+znlakbI2mWdXUXpFbOx9UOjqhM0+Hopz/M9LKHhy19RMGuG6ayO4Hd6 nwpYfb9FVEmQj17eH/6xlQJTl6S7QDiw4IKp1UvRFK04bnjPU7cb/8dYoP1eSgou4Vb9 7b4sKL/z8m1EyA73multdQWChpG8lFr6iFYSTVvNTFOVlCw3lmO5nkPSY/ClDwP5yJuc ybVvVlGau7QJ9bKbBg8j6ZX+UIXVBf4heO79KOSlTEQ454IJMsD6soIm8iPGQdIXAED/ eBig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688508921; x=1691100921; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sghSfdh8z+GioEMUSoroQVtFHIyy2g3vw1d3VlH2bBo=; b=RAzQXIwDlkjnZ+ueGY7aTFTMWRQ07XC2pW/81hqI1YfwJeMLE71q0m2LjtZWGnBW+f sZzg3DOaZcgovOM5TN+wzFtGPCSjRhmHlq+yN69Nzhgruth/aRfN4p22xR8941Ri6hO/ I2XVNkR/jELsPh5tHcVWl554PDROqcLoDwjHSOFD8oObGyccCD73uZSfu5MRQQaXb0kE ft+R0EzXVIcTNbUK4JsBF5aBDEO6BpXyCjN/0v0Hu+Zo+NK3OOfuTrLA29+16j/SLrrO JKr8Cdsd0r5LZGfedc+VULhXJhI+Kb0T5VfEqLt9gdV3FdnvzNnSL1jB2nZj3FXXU8yr YfpA==
X-Gm-Message-State: ABy/qLb88h8sa7jDpCNM7cWA06TX0NMnY/xT+gb1abFPGybo3vMxGIvC IF2DNylqvFuGbfjPQB95XyMJQnSitlpnyjTIGfQVh60I
X-Google-Smtp-Source: APBJJlFF84XnpnanevnOjz/z/iMsInqCsL06ZGHNlncXQ374nSW+SBEREktZausyhWXF1cDbMIuLlAvwDFPFG3BTHXg=
X-Received: by 2002:a2e:8e8d:0:b0:2b1:ad15:fe38 with SMTP id z13-20020a2e8e8d000000b002b1ad15fe38mr10486580ljk.3.1688508921147; Tue, 04 Jul 2023 15:15:21 -0700 (PDT)
MIME-Version: 1.0
References: <e527a444-5eb7-463e-b8b7-e260683cdbda@betaapp.fastmail.com>
In-Reply-To: <e527a444-5eb7-463e-b8b7-e260683cdbda@betaapp.fastmail.com>
From: Matt Joras <matt.joras@gmail.com>
Date: Tue, 04 Jul 2023 15:15:09 -0700
Message-ID: <CADdTf+ix5AA=Z5M30MziPO=sgxU-jimnNG6MBtexLY+ZvbJQjg@mail.gmail.com>
Subject: Re: CLOSE_STREAM redundancies
To: Martin Thomson <mt@lowentropy.net>
Cc: quic@ietf.org
Content-Type: multipart/alternative; boundary="00000000000071f68705ffb09e36"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/cCFO3gWwJJbjw-F859aoiefpv9o>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2023 22:15:24 -0000
Hi Martin, (Individual hat on) On Mon, Jul 3, 2023 at 11:40 PM Martin Thomson <mt@lowentropy.net> wrote: > draft-ietf-quic-reliable-stream-reset-01 includes a change to make the > Application Protocol Error Code field optional. > > I don't think that this is a necessary change. There are essentially > three cases for stream termination that this draft attempts to unify: > > 1. No data kept. RESET_STREAM covers this. > 2. Some data is kept. This is the new functionality. > 3. All data is kept. STREAM with the FIN bit covers this already. > > The draft rightly observes that the new frame with a retained limit of 0 > is exactly equivalent to RESET_STREAM. That's redundant, but I see no real > harm in it other than the waste implied by sending the new frame type > instead. Changing this new frame so that a 0 could not be encoded would > not save much, but it would make the frame processing more error prone. > > Where things get interesting are those cases where there is no error. The > new version of the draft proposes that abandonment of a stream without > delivering all of the (maybe promised) content is not necessarily an error > condition. > This is pretty much the entire reason motivating this change. > > That's a rather maximal design, covering the above options 1 and 2 in > cases where there is no error (and case 3 where all data is delivered, but > an error occurs anyway). I don't see any way in which this is worth using > a high-value codepoint for. Yes, applications might consider a reduction > in stream length as a useful tool, but - if they do - supplying an error > code for use in signaling that is not a terrible thing. > Supplying an error code introduces an inconsistency in how an application terminates streams, and in fact has already caused confusion in the early discussions of this draft. Specifically, when this draft was initially proposed the framing of it was as a way to "partially" reset a stream, thus the name. The initial implementation, and some of the hesitation, came from the fact that implementers thought about implementing this as a "variant" of a RESET. But once you think long and hard about the problem, you realize it's actually not a RESET. This confusion stems from the fact that a reset is inextricably tied to a RESET. Framing it as a semantic independent from a RESET clarifies the implementation and the usage of the new functionality. It is a way to terminate the send side of a stream. Sure, the motivating usecase (web transport) doesn't care about using this for terminating without an error (partially because of HTTP's particular fixation with using error statuses/codes all the time), but why should we foist that constraint on all other applications? If we had made it so that streams _always_ terminate with an error code, i.e. instead of a FIN bit we had a code, there wouldn't be this inconsistency. Viewed another way -- the new proposed frame is a more generalized way to terminate the send state of stream. The properties of that termination are whether there's an error attached, and an offset. Allowing it to not communicate an error provides a way to accomplish both. It is also more honest about what the frame can be used for -- a constrained partial reliability semantic that is particular to stream termination. If this was framed as a component of stream partial reliability, the mandatory inclusion of an error would seem even stranger. > Probably the most difficult aspect of this change is the API that would be > implied by the use of non-error versions of the new frame. An application > would receive bytes up to (or maybe exceeding) the reliable length, but no > error signal - no indication that the bytes were truncated. I can easily > imagine how that would lead to security problems in applications that were > unprepared for the possibility. I'm not sure I understand the concern here so I think it is worth elaborating. A fairly straightforward API for reading from a QUIC stream is that data is yielded to the application, and when the offset corresponding to the FIN is read, that is communicated and no further data is yielded. With such an API the CLOSE_STREAM without error would be more or less transparent to the application as it would effectively result in the application's view of the data "stopping" being variable. "Truncation" implies it was unexpected, but again, the whole point of not having an error is that sometimes it _is_ expected for this application. For such an application that is communicating a variable amount of bytes on a stream, _after_ those bytes have already been "written", there isn't any truncation. What if the application puts bytes after the "reliable point" which are advisory and/or not critical to the application protocol's functioning? Applications that leverage this would, by definition, have to be able to handle this. Just like today, it is the onus of an application to know how to handle things like RESET, the proper usage has to be specified by the application protocol. I also don't think we should be making inclusion judgments about what deserves or does not deserve a low codepoint. Would it be less objectionable if we had already crossed the two byte codepoint threshold? > > On the other hand, allowing the bytes to be delivered before generating an > error signal is a fairly easy way to signal truncation, without losing > those bytes. In other words, the only safe option is to ensure that an > error signal is always generated when anything less than an entire stream > is delivered. > > Cheers, > Martin > > (Separately, this is the sort of change that really benefits from on-list > discussion. I couldn't find any justification for the change, even in > GitHub: https://github.com/quicwg/reliable-stream-reset/pull/11 appears > without much commentary.) > > Matt Joras
- CLOSE_STREAM redundancies Martin Thomson
- Re: CLOSE_STREAM redundancies Matt Joras
- Re: CLOSE_STREAM redundancies Martin Thomson
- Re: CLOSE_STREAM redundancies Lucas Pardue
- Re: CLOSE_STREAM redundancies Matt Joras