IETF Logo Mail Archive

Re: KEYS_READY

Kazuho Oku <kazuhooku@gmail.com> Wed, 13 February 2019 05:55 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93B49131023 for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 21:55:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 80JuvNkwB8FS for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 21:55:38 -0800 (PST)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B5CF130F35 for <quic@ietf.org>; Tue, 12 Feb 2019 21:55:38 -0800 (PST)
Received: by mail-lf1-x131.google.com with SMTP id v7so855119lfd.2 for <quic@ietf.org>; Tue, 12 Feb 2019 21:55:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=s1HFUpgagEsxga9ye+RFJ7L2b0IsMiue6zBtysPJruE=; b=IjTw5BFez4rBmBQr0faHnzV6iB/8XLDb5h21tHMz7STQYjZow1CInRmr+o4IYLqBwx e0rAiOJDE2fl4FUUToBLrglZNl6jpIyjI4sHMZWZOuzYu/UYR7wb99mo+UMeJmEm05kq 98Evfxx3OocZnLQhXEhezMPSC2Vbt+IPRcSiZ7m2txYYJoXjLFTYZ6qDax4WXEL0rgpg qPFz/BLUkGLqXgC/cOk7Ok1bF29uL/89DcX99K9QJkRyf+L6ud6EAdxoNeB30V5wi6H+ z/DgXh1ytm8fWAl7UuQi+tZCyLi5x0IkYUZKefJB1UaUAgPs6vIAPWJP7vg41P96m2MF dBtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=s1HFUpgagEsxga9ye+RFJ7L2b0IsMiue6zBtysPJruE=; b=rDgvlX1p0/8U2paqCPb8OiJjdsvAXdgOvJHE1B3TvGXl6bfSTiovbJDsN5/9HPCKm+ Cp7QXOkfDjq2JkB6MNe4NeSZg2dz68lUiFl/T9JwZPcqtFHVRPrCdH0fsQKhlv07U0Jp 5PlMKt8NHU+lMgiDzNAb8WYEDi1SC3OvLjvv9n/IcKWkP564usJutMoNJFTGOZrfK4kH K3NLKrTF20MW1SMeVH3osRqqN5yEXJKW3ltP5T43oV1bC7q6C7yHw39QyrUGG6T5itOR 6OrRS90GePJZcl8WPk9DKWQv4yFLEZeTSTL7+dWz6pibqnYq+Kel4+pqFP508CIvGXAK YFuA==
X-Gm-Message-State: AHQUAuZrqoHlYvqTZnSh3LCyNdsGxWM9+dtWXkHkTB+wToUgdKd5C83g Mw8xKOU36iPG2ml8imvMoS7ksZ+cILjay3AgD+s+NA==
X-Google-Smtp-Source: AHgI3IZKvKNme56PiAmMXuw6+LrquHTt3C19lNVuwsYFGCRVEO27KqyCy953d2x0m4Btzr0QuRtf9zaTcquIS0roPPQ=
X-Received: by 2002:a19:1d1:: with SMTP id 200mr4546313lfb.7.1550037333521; Tue, 12 Feb 2019 21:55:33 -0800 (PST)
MIME-Version: 1.0
References: <1550022355.557617.1656828112.4DD1CEE6@webmail.messagingengine.com>
In-Reply-To: <1550022355.557617.1656828112.4DD1CEE6@webmail.messagingengine.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 13 Feb 2019 14:55:22 +0900
Message-ID: <CANatvzy_juza_meGR_-KuBV9FA=F754mv54aawxMb8hYWxb1gA@mail.gmail.com>
Subject: Re: KEYS_READY
To: Martin Thomson <mt@lowentropy.net>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/krgC3dS196GTImMe_0vkEvp-wzk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 05:55:41 -0000

Hi, Martin

Thank you for writing the PR. My comments inline.

2019年2月13日(水) 10:46 Martin Thomson <mt@lowentropy.net>:
>
> https://github.com/quicwg/base-drafts/pull/2237 has been updated to include the discussed new frame.
>
> This allows us to remove the implicit-ish acknowledgment of Initial packets, fix the problem Marten identified with discarding Handshake keys, and the problem Kazuho found with multiple and simultaneous key updates.
>
> There were two designs that were valid here, and I want to ensure that people think about the choice:
>
> The one I chose to write up uses a design like ACK.  The keys used to protect the packet determine how the frame is interpreted.  That is, KEYS_READY in a packet implies that the corresponding keys are in use.  The cost here is that you have to purge any potential retransmissions of KEYS_READY when you update keys or you risk creating a false signal.
>
> The alternative involves more explicit signaling, and requires us to label each set of keys unambiguously.

My weak preference goes to burning a bit in the first byte (we have
reserved bits in all the necessary packet types) due to the
exceptional retransmission rule that we would have for the frame, but
I'm not sure how much I care.

> For that we could borrow the DTLS epoch convention, though that is inconveniently out of phase with the Key Phase we use; not a major issue, but a little hard to reason about.  This doesn't have a retransmission problem, but in addition to the need to document the counting system, we would need to decide whether a mismatch between frame and packet is OK, or something that can produce a connection error.
>
> Obviously, I have a preference for the former, but if people feel differently, this is a good place to register your reasons.
>
> Editorial concerns should be directed toward the pull request.
>


-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email