IETF Logo Mail Archive

Re: Need your help: different connection IDs in the same datagram

Marten Seemann <martenseemann@gmail.com> Wed, 15 July 2020 11:54 UTC

Return-Path: <martenseemann@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 309A13A0C96 for <quic@ietfa.amsl.com>; Wed, 15 Jul 2020 04:54:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TjDZ7CgAcMIH for <quic@ietfa.amsl.com>; Wed, 15 Jul 2020 04:54:16 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08B0F3A0C98 for <quic@ietf.org>; Wed, 15 Jul 2020 04:54:16 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id h22so2214836lji.9 for <quic@ietf.org>; Wed, 15 Jul 2020 04:54:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jWO8cwVLfkhMpvWzkH7sGiyvYHAqebVOnFpu9Dqd2HM=; b=B3/6Kdw/IH1RskoUaa1erW+kwxKWlE+7mri3PWezTUN2s3MQtM7xqL6KK7mhOtD17s UhmSqGWJH0gTyrbOv5lOWFReidNgmeTAB3302OAS0HlLhFV9PeR9zZgff7zsrMuHcdhQ Zlq1jMIOLIgs6hhGLvsspfn5v9oeFLoysmiBOJNX/RlLX1i/iFKIJYuv4XqIO2UUIKaY UJhq89n01DamEgbMReMrYh1yyGY/yspS5KyRdzQ0o6njnACOG8mlTnPwFJY/hFw8XgXQ cD1ZJdX9KFdWSfngMwlRgDB97nHePk6c4xDguw+D1aS7b8dg0FOWsnnAln4TikBJuq1J ghsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jWO8cwVLfkhMpvWzkH7sGiyvYHAqebVOnFpu9Dqd2HM=; b=bsxWS6HsyUpLa3k6Wwd6IUYzP4iL+/e5wHwyAsj7o9OtSlE9SN8gIFaM5yzJv/rZMS jCy+amlJ9/Czzlx5Xyi+aMI8WRUFgEAu5vxbgV4w0XCDLxGLCkljhL+ov7tyWTYDJ7Ul 73gV1kWVUU26PA28om1uNHezv+UCmKUeIMTS2aMF9FBauAf9ChnZY2LoRmuaNvEGeFe9 WXFCDCA38Cyz/ALXSqx6ryEhKjmNFNyR98Uw8eF2thxDFMq4C3waZSac5RgvbwYGsNkJ cUcDAgLTeZyJzNlPgFjMKUb9XlKVg1qz/GEZ3YnPXNoK8aglLpY1qkrYmqy0JSPsx3Os 4vvA==
X-Gm-Message-State: AOAM531JIMoat5e+z1yTakVMbRWhW6wzFxdtad+jt5niq2s1HoU24qsM 0GjXVyH3Mk8UdsWE9CQlZ4Ey4er9499f5mYoKEV0HPGkf2U=
X-Google-Smtp-Source: ABdhPJwlrDwUrAfRz48MGtlej8opCgW/FNh2tRJ1HWQzITQ350vQb5iPMMsnoFPdB39oh5YygbqIUVygrH9uq5CMhfc=
X-Received: by 2002:a2e:8707:: with SMTP id m7mr4441070lji.350.1594814054005; Wed, 15 Jul 2020 04:54:14 -0700 (PDT)
MIME-Version: 1.0
References: <ae21cc02-3357-40c8-a1e9-3966fdf575a5@www.fastmail.com>
In-Reply-To: <ae21cc02-3357-40c8-a1e9-3966fdf575a5@www.fastmail.com>
From: Marten Seemann <martenseemann@gmail.com>
Date: Wed, 15 Jul 2020 18:54:02 +0700
Message-ID: <CAOYVs2o4PJmApJ=4BCNTW5agOJOgfvigyQSVhjvnWFCc_arHcQ@mail.gmail.com>
Subject: Re: Need your help: different connection IDs in the same datagram
To: Martin Thomson <mt@lowentropy.net>
Cc: QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002c02aa05aa799586"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/t8mK3nj16CkfvMCV8fBzOJscp28>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2020 11:54:18 -0000

Let's have a look where this situation can occur:

During the early stages of the handshake it is not possible: The client
changes its connection ID used for Initial and 0-RTT packets as soon as it
receives a new connection ID provided by the server in a Retry or Initial
packet. The earliest time where a client could possibly coalesce packets
with different connection IDs is after receiving the Server Preferred
Address, and decides (for whatever reason) to not migrate to that address,
but to use that connection ID on the original path (and before the
handshake is confirmed).

The server needs to receive a NEW_CONNECTION_ID frame before it can change
connection IDs. The earliest this can happen is in a 0-RTT packet, so in
principle a server could start using that connection ID in its first flight.

I can see little reason to 1. start using a new connection ID during the
handshake and at the same time 2. to not completely switch to that
connection ID, but instead to continue using both at the same time.
To be clear, it isn't prohibited to use multiple connection IDs at the same
time (and on the same path), it's just that there's no good reason to do
so. I don't think it's too much of a burden to ask implementations that
still decide to do so to make sure that the connection IDs used in a
coalesced packet match, considering that for the receiver it's more
cumbersome to check that all connection IDs are actually valid for this
connection than to just validate that all packets use the same connection
ID.

On Wed, Jul 15, 2020 at 2:24 PM Martin Thomson <mt@lowentropy.net> wrote:

> https://github.com/quicwg/base-drafts/issues/3800 discovered a minor
> "discrepancy" in our requirements for coalescing packets.  We required that:
>
> * senders not coalesce packets for different connections in the same
> datagram.
>
> * receivers reject packets with different connection **IDs** in the same
> datagram.
>
> https://github.com/quicwg/base-drafts/pull/3870/files was the result of a
> discussion where I was convinced that looser constraints here weren't
> harmful.  The requirements would identify connections, not connection IDs.
>
> Originally, my inclination was to fix the requirement on the sender to use
> connection IDs, which would remove some linkability.  But then I was
> reminded that linkability is already defeated for several reasons.  You
> can't coalesce outside of the handshake and we require a stable path for
> the handshake AND long headers include a source connection ID that can be
> used for linkability.  So the linkability concern is basically lost.
>
> We also learned that some implementations were generating packets while
> processing incoming packets.  Later they would coalesce these into a
> datagram that might then have different connection IDs on the packets it
> contains.
>
> There has been some opposition to the proposed resolution in PR 3870.
>
> Apparently, for some, having multiple connection IDs in the same datagram
> complicates processing.  I don't understand this objection.  It seems to me
> more difficult to retain state across packets than it is to process each
> atomically.  I was hoping that Christian or Nick can explain more about how
> this affects them.
>
> Marten also indicated that there was a reason not to allow this, but if I
> understand that, this is based on some potential for future optimization,
> which could be conditional on having consistent connection IDs.  If we
> moved to a scheme that required consistent connection IDs, anyone using
> that scheme could be required to avoid coalescing different connection
> IDs.  So this seems more of a theoretical concern.
>
> And - in anticipation of maybe choosing to make senders use a consistent
> connection ID - if you might be generating coalesced datagrams with
> different connection IDs in packets, how hard would it be to ensure that
> these are consistent?  Lars and Ian, I think both of you indicated that you
> might do this.
>
>

v2.23.0 | Report a Bug | By Email