IETF Logo Mail Archive

RE: Go Back to Single Packet Number Space

Nick Banks <nibanks@microsoft.com> Thu, 26 July 2018 14:05 UTC

Return-Path: <nibanks@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC392130E70 for <quic@ietfa.amsl.com>; Thu, 26 Jul 2018 07:05:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id um3r3l3oav4T for <quic@ietfa.amsl.com>; Thu, 26 Jul 2018 07:04:59 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0123.outbound.protection.outlook.com [104.47.41.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16282131158 for <quic@ietf.org>; Thu, 26 Jul 2018 07:04:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bkra2vfAEITDOlNnmMCps/ab9jnkjisdJySdgh74iT4=; b=OUilGR+k7H2aecL4aJdAgXJ91hTL1DgogNLqznziVa2Vu9shPa08m6m3ICaS8MCq6una55pMm0bz5lJSttM+5WPhRat7wtqz7M7Uk3Jr+Cw3bDMvxRcsDaArAHqwzfbzdJAWyMEJ+Qo4Ge7bkb2FOPMuxG/bS57pA2MyZx1prsE=
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com (52.132.132.158) by DM5PR2101MB0917.namprd21.prod.outlook.com (52.132.132.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1017.2; Thu, 26 Jul 2018 14:04:50 +0000
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::b1ef:f0bd:d9eb:2545]) by DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::b1ef:f0bd:d9eb:2545%2]) with mapi id 15.20.1017.000; Thu, 26 Jul 2018 14:04:50 +0000
From: Nick Banks <nibanks@microsoft.com>
To: Patrick McManus <pmcmanus@mozilla.com>, Kazuho Oku <kazuhooku@gmail.com>, QUIC WG <quic@ietf.org>
CC: Martin Thomson <martin.thomson@gmail.com>
Subject: RE: Go Back to Single Packet Number Space
Thread-Topic: Go Back to Single Packet Number Space
Thread-Index: AdQkTBwat6Uz522HTCmlcfdQS0RX0wANbUcAAA5hLwAAB8AWgAADcZzg
Date: Thu, 26 Jul 2018 14:04:50 +0000
Message-ID: <DM5PR2101MB0901581E982F410F31E42E2AB32B0@DM5PR2101MB0901.namprd21.prod.outlook.com>
References: <DM5PR2101MB09016D44959E5796570F3CB7B3540@DM5PR2101MB0901.namprd21.prod.outlook.com> <CABkgnnUTPvrVALX0Xr9xGpJnTHq=yWN48NRqtcQSZ4bzGFjAYA@mail.gmail.com> <CANatvzwP9czJSVzLWYj1+0-rGMkeX0UAE9T+11Zd2ygip4K29A@mail.gmail.com> <CAOdDvNqzecNOX9hPrMqpTWTFh3yrqFjdmxtm1e+_sC6y+xxZsA@mail.gmail.com>
In-Reply-To: <CAOdDvNqzecNOX9hPrMqpTWTFh3yrqFjdmxtm1e+_sC6y+xxZsA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=nibanks@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-07-26T14:04:48.6805047Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:1:1d83:4be1:90a4:2f3c]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2101MB0917; 6:db612/Bt6xuUXIvSDTyQolz26fvNxMKP+KuqyCZ6kocwe7+h3cpFeFjKaBxkcbqh5doGA6aQqCVd2ATjkkGOOyYoEu4u1VbkT79YrnhuNEvdl3ena8JlWG47xroCu0/OUWV1vPcjpPkSoz5h0mlyAuTqEBpBorVz7ofkyZyez5D7Z+sgwAw2HqjWN4z9cC/TSxY3BjLH0IbabtMISFZtwFYAYPVIs12CFCRGM9LF00KNdv+khfBaNvooVmLjijaIbSSlhaWnjSShQVshz80mzueqMjvWydfwyvGiGvGDEQ2Iz5PCtxDWGcpTwWLVT2LRC2yTJd08TFbTXi019DCJQoKlNaP73J+L3C1zBcnMycJq0pS2qIkSAcuIpMgnajvyHvaoVMJurUSJXlGs7XCwyFCF5SH91Jymb5XOnKQ9C8Zir6Yj5sEikU1C4QxUIdb9qgEuaEz1ygVLXFrfdZcHMg==; 5:hYKE5R0dPFfg1lQ41enKZJMsAE+x3VUssjwgMmd1bYIo10E5W4UfpeeBeCLYrnu0Npwlnxm2l2R6avKmdNkx3POdAXMms3r5BSQ0JVIK4SCCCFw1jAH6BdZeRXPocgGDZWPX50lu2AJuO6h8rsh5ZNVHOWkwKRvbmdJyAQ7XsOE=; 7:uphZiNakbYKbwcbEAjKoE8AKq5vwMrXp/VeyXL9jY691cXa5PLhSZdvtOnZ/YLwRGl26K5CL6DQVeclEeaO3Elcn4RmsPBx72z3wy9gMcxVdwo5NpjSxcLf5ZyI5KnLMwu0BHMsF38vvqedzF+r7FrppgIWyi/vcm4ktnjWRj/bhlVdtpI5YoomQt5PwRj5PkM+vylaQH7kJPdIIk11aziBV7MnQF6+GmqaGPI1+zGgn7d+EaFdPZJRYN8HjYmTj
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 484a4d6c-3480-4e5a-5578-08d5f300c0e5
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600073)(711020)(4618075)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7193020); SRVR:DM5PR2101MB0917;
x-ms-traffictypediagnostic: DM5PR2101MB0917:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nibanks@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR2101MB09176507C902FF6802DA4BD1B32B0@DM5PR2101MB0917.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(85827821059158)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(10201501046)(3231311)(944501410)(52105095)(2018427008)(93006095)(93001095)(3002001)(6055026)(149027)(150027)(6041310)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:DM5PR2101MB0917; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB0917;
x-forefront-prvs: 07459438AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(346002)(366004)(396003)(39860400002)(189003)(199004)(6116002)(19609705001)(9686003)(236005)(54896002)(6306002)(55016002)(5660300001)(229853002)(102836004)(76176011)(46003)(6506007)(53546011)(105586002)(106356001)(110136005)(316002)(86612001)(2900100001)(81166006)(8936002)(8676002)(186003)(22452003)(53936002)(86362001)(790700001)(6436002)(97736004)(81156014)(10090500001)(8990500004)(476003)(33656002)(561944003)(5250100002)(2906002)(68736007)(256004)(14444005)(10290500003)(7736002)(99286004)(446003)(11346002)(486006)(93886005)(4326008)(14454004)(478600001)(7696005)(6246003)(39060400002)(25786009)(74316002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB0917; H:DM5PR2101MB0901.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Dedj+d3SEpyq6PF6wHlWlAYTKrWTcvYAvhD1tasp9saPeN88f4oaq1SzDZ7T5Ty5IVWu7RhnhCU0Plpg5m6y61DcfTXwN2vGrNimi+3FrBMJu23c/Sh73S/sJ0xhjwW3FCA7Sl+gdk/JQXtr4lgSTDsnmT9roIXLpgWXXTUHulLx9LA4SDcAZfCA2iipPPhh8kr/WwJmwpFeSvvXcObYuO4H/ZUV8gM5PkHEPjhF0ZdAu99Jl3j3YDICB5ppd/9+HESVh+pZ5UYtUHV3nCvWNFiDYPvzfzrodQQQ+tJXoZtWMDbHIcL5WmWn84IfTUtkRcdmywc5at1fC5w4w5WmdeTExZ2ESwjJ4K9hcTD4OLc=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR2101MB0901581E982F410F31E42E2AB32B0DM5PR2101MB0901_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 484a4d6c-3480-4e5a-5578-08d5f300c0e5
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2018 14:04:50.2906 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0917
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/WHZrfxuiMAcCqtTE3qLim_FPUxQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 14:05:08 -0000

First, I think we should limit the discussion to what actually is in V1. Things like post quantum crypto and possible future TLS changes are interesting to reason about, but should have no immediate bearing on the design right now. If things change in the future that might cause additional issues, we should handle them in a future version.

Second, on the topic of only acknowledging packets at a greater than or equal encryption level being even harder or less efficient to implement, while I whole-heartedly disagree, I was thinking about this, and feel we could actually go one step further. Already I have proposed disallowing ACKs in Initial packets and allowing 0-RTT packets to be acknowledged in Handshake packets. We could instead just say no ACKs in Initial packets, but all other packets can acknowledge any other packet. No encryption level requirements at all. The obvious possible point of contention with this, is that it would allow Handshake packets to acknowledge 1-RTT packets. While it is a ‘lower’ encryption level (I don’t really know what that means) both Handshake and 1-RTT keys are keys only the endpoints know. I don’t see any harm in temporarily (as long as you accept Handshake packets) allowing Handshake packets to acknowledge 1-RTT packets. With this design, an implementation that needs to acknowledge something can then do whatever it likes, so long as it doesn’t use an Initial packets.

Next, for not explicitly sending ACK frames in Initial packets, I personally don’t see the explicit event of TLS changing read encryption keys from initial to handshake as an implicit signal. To me, it seems very reasonable to call that out as the explicit signal to treat your initial packet(s?) as acknowledged.

- Nick

From: Patrick McManus <pmcmanus@mozilla.com>
Sent: Thursday, July 26, 2018 5:15 AM
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>; Nick Banks <nibanks@microsoft.com>; QUIC WG <quic@ietf.org>
Subject: Re: Go Back to Single Packet Number Space



On Thu, Jul 26, 2018 at 4:33 AM, Kazuho Oku <kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>> wrote:
I prefer having split packet number spaces, because in addition to
what Martin says, I feel uneasy about allowing a receiver to
acknowledge a packet "in a greater than or equal encryption level."

My understanding is that this the key of the proposal. Use of a
unified packet number space makes sense only when an endpoint can send
an acknowledgement for all packets that it has received in one
encryption level.

This sums up my feelings as well - I really like the explicitness of the separate spaces.

v2.23.0 | Report a Bug | By Email