Re: Simplify ACK frame retransmission
Eric Rescorla <ekr@rtfm.com> Wed, 06 December 2017 18:22 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EF9B126CD8 for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 10:22:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChYyI5-jzFFn for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 10:22:00 -0800 (PST)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071F21241F5 for <quic@ietf.org>; Wed, 6 Dec 2017 10:22:00 -0800 (PST)
Received: by mail-yw0-x22a.google.com with SMTP id l7so1911464ywa.13 for <quic@ietf.org>; Wed, 06 Dec 2017 10:21:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1CHgSnQDm5pHOwWQnbmpof5IoOCxADI7zwzU4XmURVo=; b=ISxW1JhJD/wMTtXeQKBWEZfbjtjHHy/wsACekQ4Num88NF7kTBYrks5aYU07S6eDrE /bAiT5jU9RPs492r/N/mUe73U0F1fYyJptahHPMrEv0iLjd/IYcbp6wSH+c/G0Q1BNOr QYX2AZpOhBDw+hcfcaa07X7v9FfbYO+fQkLyv3wjpFxNlF4OzWv6LEcchDmCOAqRWFH3 dmrlT5vXfPnboIAq+5y2MHG4Gl76TsAzZgkCU/9gh+JuVxavamLxjMIonIVKzFk+lP3k n8lUnaajpXe+XeIA084sjoOjh0zQ6i/PGwXzroB5tEaHhKZ8RsNo9hhEJ+hklkmV4H4J kXQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1CHgSnQDm5pHOwWQnbmpof5IoOCxADI7zwzU4XmURVo=; b=Tgw1TK7dtqOdOe00/s+phJHsM354e5tQVFVarbgWQsUdBgCUiuGKrr+/iGcQoAZGVv A/9jZEbltOw8Nb0VxrWvp7wkiUqTZRwQ4wd6XOMv95bv+sHFD8T/lt8IQgROjWA2VVv4 2mliHrh453sGWqNzgE2X1HiG20XwtnSlvKTZqJRNp6HjzaSFca44axSf424UHR2atgp7 vcj9vQQnXpRni2DXGhtDyaIE4gGBlvZUqW7UlKZ/qi/YdTM4R2/khwuZVmQTND5JvbYP TMoLhXMiq9UpptoE9pc2Y6coZzyCwe1fdxgboD4faAN2Mbada59LeNt92NdRXI8/3QQn YH6Q==
X-Gm-Message-State: AJaThX5STfwZJOENrn6nBpPnFzUA8UrI4iH6cPt2GScfF2tXzAV4SHj0 DS+BnflVJDWrOcLrF10hJDpwQCxDz6cEDVPoPnkSrw==
X-Google-Smtp-Source: AGs4zMZlJMKHPe3gFRLNG21AXjV+HN8D1PHEm8g0ER1kHqk9xHf2GSg4AuFkpu3pXm7qpiTr4/Jy00lyZsNZbgeyE78=
X-Received: by 10.129.87.210 with SMTP id l201mr16940816ywb.2.1512584519078; Wed, 06 Dec 2017 10:21:59 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.123.132 with HTTP; Wed, 6 Dec 2017 10:21:18 -0800 (PST)
In-Reply-To: <CAN1APdfty+2Qdm+W87F1yRfrTzoVvH+fmvh9g7=1MY8bA9wvGg@mail.gmail.com>
References: <CAN1APdfn42kQvYjzrbApgdsv2qHdUnxk0NyP2RJKaUTz3nAyQA@mail.gmail.com> <CAGD1bZbgjpZ0kxToR8PxxPtC1O1R02G-mV8PC6rCaHeU6h3N1Q@mail.gmail.com> <CAN1APdfmdi1nbuyp69SVj8yOurvmb=OOaqn5XCpK6Cb1g5XJSA@mail.gmail.com> <CABkgnnXvTO_KOKk_bmMZwy3RLjhxrCL3o7sOQOJ8=BvjE58-Jg@mail.gmail.com> <CAN1APddx1_JUWmbUaiCSuJpwBQHbr9=YHzCUUw+dY_uWXSyHww@mail.gmail.com> <CABcZeBMy3f7JUFz5n6FOhzgi6zJGeS3s84iivAKgLddAHitdSg@mail.gmail.com> <CAN1APdfty+2Qdm+W87F1yRfrTzoVvH+fmvh9g7=1MY8bA9wvGg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 06 Dec 2017 10:21:18 -0800
Message-ID: <CABcZeBN5MkogCjb+7KPKmPpBPaBPKuf7r=EdXBm5w_L+C56cxw@mail.gmail.com>
Subject: Re: Simplify ACK frame retransmission
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Jana Iyengar <jri@google.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="001a11457576f3eca1055fb006e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/uGcgKksd9LWeCFGEM2sX-WmiJxA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2017 18:22:02 -0000
On Wed, Dec 6, 2017 at 7:25 AM, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote: > Answers inline below > > > That is good to hear, but I believe the TLS1.3-22 draft requires RSA PKCS1 >> signatures which is the heavy part (RFC8017) and the draft does not appear >> to make this negotiable from what I can tell. >> > This is just an interop requirement. I.e., if you don't do this then you > will not be able to talk to the large number of servers who have RSA only > keys embedded in PKCS#1 certs. It's quite possible to just support Ed25519, > and you say so using the signature_algorithms extension. Obviously, if you > say that, then you will have a handshake failure with anyone without a > suitable key, but in a closed world that's fine. IMO it would be better to > advertise the usual TLS/QUIC versions and be officially non-compliant than > have a new version that differed only along this axis. I imagine we could > put in some weasel words if necessary about closed environments. > > That would be fine with me, it is just that MUST in TLS sec. 9.1 is a > strong word, so you couldn’t really say you use TLS1.3 and hence not QUIC, > unless some permission was granted towards this use case. > Well, you would be a nonconformant QUIC implementation. It's not like you're going to get arrested. > As to Raw vs OpenSSH I will have to study the details further. Getting rid >> of DER would be very nice, but it can be overcome, but there is more to it. >> One part is the file/blob format, another is the metadata such as domain >> and expiration date, and the third is the tooling around it. OpenSSH has >> simple tooling and it can also be re-implemented standalone with just an >> Ed/X25519 library and simple blob parser/printer (I can open source one if >> anyone is interested). The alternative is to deal with OpenSSL tools and >> rather convoluted CA mechanisms and possibly trust chains. But I do >> acknowledge that the public internet evolves around these types of >> certificates and that this is unlikely to change >> > I'm having trouble visualizing your environment here. Are you doing TOFU, > in which case this is just an issue of transporting the keys, or are you > actually operating some kind of CA system? In any case, it's also possible > to add OpenSSH certificates to TLS (it's just a code point), but I would > generally not be in favor of that unless it was really needed. > > The environment is not fully fleshed out but in summary it is about server > to server peer networking with multiple levels of trust and satellite > access. Satellites might be non-standard low resource systems. > > I do have CA in mind, but for simpler use cases TOFU (trust on first > sight) pointing to an authorized_keys file is also a consideration. > > I want some very trusted central piece of software to create and sign > certs that other parties trust in order to establish a peer to peer server > network. Shamirs Shared Secret could be part of the setup. In this case the > minimum complexity needed to implement a CA is desirable and > OpenSSH/Ed25519 is close to that as a model even if not using OpenSSH > software directly. > > In addition, external parties might want to join a sub-net or create their > own compatible key management infrastructure. In this case OpenSSH tooling > is much simpler to use than OpenSSL and something operators do regularly > for SSH login. It is beneficial that some server software can be configured > to accept such a user provided key. Notably users might feel better knowing > a key is generated by a piece of software they know and trust. > > The above does not require that QUIC uses OpenSSH directly, just that > there is a low-cost translation. > > The use of DNS based auth is not very useful when network addresses might > be routed on overlay networks and/or having address that are not advertised > by DNS, or when not having any meaningful address at all (e.g. content > based routing). Even without SSH tooling, it is reasonably easy to > implement custom tools based on the same concept when the underlying > primitives are largely the same. > > Some of this is not directly applicable to QUIC because it operates trust > at a higher level, but such a system must still manage the keys used by > QUIC connections and it is preferable that all components can agree on the > basic primitives. > OK. Well, I'm generally not that enthusiastic about inventing cert formats, but there's no technical obstacle that I know of. -Ekr
- Simplify ACK frame retransmission Mikkel Fahnøe Jørgensen
- Re: Simplify ACK frame retransmission Jana Iyengar
- Re: Simplify ACK frame retransmission Mikkel Fahnøe Jørgensen
- Re: Simplify ACK frame retransmission Martin Thomson
- Re: Simplify ACK frame retransmission Mikkel Fahnøe Jørgensen
- Re: Simplify ACK frame retransmission Mikkel Fahnøe Jørgensen
- Re: Simplify ACK frame retransmission Eric Rescorla
- Re: Simplify ACK frame retransmission Mikkel Fahnøe Jørgensen
- Re: Simplify ACK frame retransmission Eric Rescorla
- Re: Simplify ACK frame retransmission Victor Vasiliev
- Re: Simplify ACK frame retransmission Eric Rescorla
- RE: Simplify ACK frame retransmission Mike Bishop