IETF Logo Mail Archive

Re: Read-out on offline connection ID discussion

"Brian Trammell (IETF)" <ietf@trammell.ch> Thu, 25 January 2018 09:49 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BF7912E87F for <quic@ietfa.amsl.com>; Thu, 25 Jan 2018 01:49:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wKq6z2zCqng9 for <quic@ietfa.amsl.com>; Thu, 25 Jan 2018 01:49:08 -0800 (PST)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B66112D847 for <quic@ietf.org>; Thu, 25 Jan 2018 01:49:07 -0800 (PST)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 4FE4D340D6A; Thu, 25 Jan 2018 10:49:03 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6597.31793); Thu, 25 Jan 2018 10:49:03 +0100 (CET)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Thu, 25 Jan 2018 10:49:02 +0100 (CET)
Received: from nb-10604.ethz.ch (account ietf@trammell.ch [82.130.102.91] verified) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 43263051; Thu, 25 Jan 2018 10:49:02 +0100
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Message-Id: <CA098DB1-0B04-4546-9F4C-0A10C1521365@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_04B55BF3-90C9-4A74-A993-143DC6C04329"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: Read-out on offline connection ID discussion
Date: Thu, 25 Jan 2018 10:49:02 +0100
In-Reply-To: <CABcZeBO8UcdsPPp7D-3gZW8tuDqNhP-z+O1+WH=68KjbfYMr5A@mail.gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBO8UcdsPPp7D-3gZW8tuDqNhP-z+O1+WH=68KjbfYMr5A@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/yrKBBrGMjCYxDblMF6mAqpy4GYA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2018 09:49:11 -0000

> On 24 Jan 2018, at 23:36, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> Hi folks,
> 
> We didn't really reach a conclusion, but here's, I think what there
> was at least some support for:
> 
> - The long header has a variable length connection ID which has an
>   explicit length field on the wire, with a max length (strawman: 32
>   bytes). The exact wire encoding to be designed by the editor.
>   Similarly, NEW_CONNECTION_ID would have a variable length
>   encoding.

This seems like a perfectly reasonable starting point.

> - The short header has a variable length connection ID which has
>   an implicit length (i.e., it cannot be decoded unambiguously
>   by an observer who is not part of the connection). However,
>   the CID may be self-describing, so that the server may include
>   a length field if it so chooses.

A question about the details here:

We put the CID (if present) up front in the short header so that it's easy for load balancers to find; the packet number in -08 (which is necessary to sequence and decrypt packets) is similarly easy for the endpoint to find -- CID is fixed length and either present or not.

If the CID is varlen and its length is implicit in the CID itself, then the receiver needs to decode the CID in order to find the offset to the packet number so that it can decrypt the packet number in order to sequence the packet and decrypt the rest of it. This implies the receiver always needs to know how to decode enough of the CID to skip it (which can be trivially done in a transport parameter, but still).

I presume the encrypted representation of the packet number on the wire will be fixed-length, so we can fix this by moving the CID back behind the packet number, but I'm not sure where we are in the tradeoff space between forcing load balancers to skip N bytes before making a routing decision and forcing packet receivers on both sides to always do more work to parse the packet.

Cheers,

Brian


> There was rough consensus on the second point, but some disagreement
> about the first point. The major alternative proposal was to have
> a fixed-length CID field in the long header and NEW_CONNECTION_ID
> and then truncate it to an amount carried in transport_parameters.
> This would have the benefit that the length of the CID would be
> throughout the connection whereas if we wanted that rule for the
> other design we would need a rule.
> 
> One thing that makes this second approach unattractive is that we want
> the server to be able to use a 16 byte connection ID (thus allowing it
> to be AES-encrypted) but it also needs to be able to include
> meta-data, such as a key-id for rotation or potentially a length. This
> tells us that you need to have a maximum connection ID larger than 16
> bytes, and having a fixed 17-20 byte CID seems odd.
> 
> -Ekr
> 
> 
> 
> 
> 
> 
> 
> 
> 
>

v2.23.0 | Report a Bug | By Email