IETF Logo Mail Archive

Re: [TLS] Efficiency of ACKing scheme

Hanno Becker <Hanno.Becker@arm.com> Fri, 03 April 2020 17:00 UTC

Return-Path: <Hanno.Becker@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDEB73A0832 for <tls@ietfa.amsl.com>; Fri, 3 Apr 2020 10:00:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=O5hCoGvg; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=O5hCoGvg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fi1KnTF0aDyT for <tls@ietfa.amsl.com>; Fri, 3 Apr 2020 10:00:13 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10043.outbound.protection.outlook.com [40.107.1.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 814CB3A082E for <tls@ietf.org>; Fri, 3 Apr 2020 10:00:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3wXcXRph9N0rZEUOLQDAN4uoUE5M38/pKHRSieLx6Ck=; b=O5hCoGvgAAtngIwaIrNKYP9kuYWFVQ0Gaw8YVimdY/+qFcW8GZZXy3XyrvE8yKYeY/C3XxgFptx8dcTeV6lUdNPBFsQZsfMfmgKFLJLaSS7NMFQkqK3dh2XX2MpKzzlNImk0FBq2qsGWFVnMRbiatraumgocFp6Z0oAidATtGx4=
Received: from VI1PR0701CA0035.eurprd07.prod.outlook.com (2603:10a6:800:90::21) by AM0PR08MB3027.eurprd08.prod.outlook.com (2603:10a6:208:61::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Fri, 3 Apr 2020 17:00:08 +0000
Received: from VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com (2603:10a6:800:90:cafe::f6) by VI1PR0701CA0035.outlook.office365.com (2603:10a6:800:90::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.12 via Frontend Transport; Fri, 3 Apr 2020 17:00:08 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT040.mail.protection.outlook.com (10.152.18.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.17 via Frontend Transport; Fri, 3 Apr 2020 17:00:07 +0000
Received: ("Tessian outbound 5345ff401cf8:v50"); Fri, 03 Apr 2020 17:00:07 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 9de29acbe45d3f3d
X-CR-MTA-TID: 64aa7808
Received: from 9c4322501f4a.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C558B1CD-4E99-474C-80C5-A1B2F9AA2BB0.1; Fri, 03 Apr 2020 17:00:02 +0000
Received: from EUR01-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 9c4322501f4a.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 03 Apr 2020 17:00:02 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LWG/uA87ZxCSsGcbBb3knpgv5v55eIXmazX6wIL0j/LIDaHTREF8kwxYFaruFiHjDRVqCi0rD4X0+MABzhI//T2mJ0UizPpk1iTsGTRqK0JTDX9pc83IYF43ndEWlLQyBkNZHPNYy6KMKfMQdp3blhv1gX3HPhLeTY76+Ok1DGpQP8SzJddKlE/Cw6yPYwAUUosyBarTklxYUc26Qc5dcrtiP1/XHpQ1GqpKntq2QwxHRpK9DUUo0GwYfMYTRPaoMMFD/pzzOUrUbQwV+ZuYLCLo37lwr0Tl0z63QzFC4ZsT+q127/teReFK9POv+B+UfetGPf4qUl0x7CEfI25Obg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3wXcXRph9N0rZEUOLQDAN4uoUE5M38/pKHRSieLx6Ck=; b=TskNIhpfJo1Qx/wtGTy3ZaPh+HzSjjAAycwrTh2uOkDbsksKt0xuaFwhh7VxA0C9JohKy+oVSIyj1UDlvQo46cOtJd2RMTJSBjqfu/wZBHOtaFOea520x6g0ywoeXoGbW7li+Zi1jHCJ5nD/KkQP5enpQ7usKWV0p6kjMSmyL/dcwAh6cs7v/zayii6RQV9aM0seC+G1obC09tskiOO9OMrRpehqDrWZoXdFQkRepIU06REA7qTEXrUJoMCibm8ATiUcyxw9qxCS2fStaXlUn2pkpEKMiiANDceObDjpfdaA7X+1FXnbnl0SFGtRxYC+VeOZ8LsykAYh7jR2ptojeQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3wXcXRph9N0rZEUOLQDAN4uoUE5M38/pKHRSieLx6Ck=; b=O5hCoGvgAAtngIwaIrNKYP9kuYWFVQ0Gaw8YVimdY/+qFcW8GZZXy3XyrvE8yKYeY/C3XxgFptx8dcTeV6lUdNPBFsQZsfMfmgKFLJLaSS7NMFQkqK3dh2XX2MpKzzlNImk0FBq2qsGWFVnMRbiatraumgocFp6Z0oAidATtGx4=
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com (52.135.163.143) by AM6PR08MB3909.eurprd08.prod.outlook.com (20.178.91.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.16; Fri, 3 Apr 2020 17:00:00 +0000
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d]) by AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d%5]) with mapi id 15.20.2856.019; Fri, 3 Apr 2020 17:00:00 +0000
From: Hanno Becker <Hanno.Becker@arm.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Efficiency of ACKing scheme
Thread-Index: AQHWCdUmcw6BnTFxZ0GrZHianQcZlahnnDQQ
Date: Fri, 03 Apr 2020 17:00:00 +0000
Message-ID: <AM6PR08MB331832C84A0E5D04AA5612A99BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>
References: <AM6PR08MB331820C710440F07055382739BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>
In-Reply-To: <AM6PR08MB331820C710440F07055382739BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
x-originating-ip: [86.181.127.140]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 8b73ab27-e647-4df7-4fc3-08d7d7f076b7
x-ms-traffictypediagnostic: AM6PR08MB3909:|AM0PR08MB3027:
X-Microsoft-Antispam-PRVS: <AM0PR08MB3027376F584AF5444C4556E29BC70@AM0PR08MB3027.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 0362BF9FDB
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3318.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(136003)(39860400002)(366004)(376002)(396003)(346002)(26005)(86362001)(8936002)(186003)(8676002)(7696005)(71200400001)(316002)(81166006)(81156014)(2940100002)(6506007)(76116006)(55016002)(66476007)(66446008)(64756008)(66946007)(66556008)(33656002)(53546011)(19627405001)(5660300002)(478600001)(52536014)(9686003)(2906002)(6916009); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 1lSZu7XzyqQfcphDGSQlsZ7ALjOMh/hSszs6+BwGg0LX3hBxLX3gPlqEyu6OrCHpe1H3BCyruYw0rE8J/9+/4NJJ3M1KliKEFYjrIFD6aZavEBjgFzVYUi1C9re4m9hhaBRvEaWJHZow1Jg8fcs6Jc41bLXRzDdGD0M9vxnF65AaoUR/WdWRVve1ku/ZhOcba8uH1Iq02fTFs4xWfnJ8BA2b/GX/l60e2aAJkU+Ryjzrds0WOEMNo6zUpH4y5Kp1bU0vTCkrb3JoAKwVCLRSwvmu41oAHnaHj5fItV88pUpKRpZdvhq3sYuacm9ohXMw0WGNOHLmgSNLyY2205dpMSuOsc1MXfFI6rfczb971/1nQ7j8FjRpM7a8RqYylSQabyAi+DzfFFyt5Fll8RmRfZVuxbrWxA7NYpLtaEOtTapjykCHFFQbzSUk26/Bv7RX
x-ms-exchange-antispam-messagedata: 3JgTfcbrH0htYdF4apQBGrdmIYzx8QVt6bNpzcQ8RcjF4U3IHxDvq9ECZo8+YWOPGnd1kNqyoDeR50kTTgat6Pf1DxHkHjvyrT1MErFduRKECdo5To5A8IeIMLpZaFkH7vx9EY8NPGPRfCChE5MhRw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM6PR08MB331832C84A0E5D04AA5612A99BC70AM6PR08MB3318eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3909
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(376002)(346002)(136003)(39860400002)(396003)(46966005)(81156014)(81166006)(19627405001)(47076004)(86362001)(2906002)(186003)(6916009)(8676002)(53546011)(55016002)(26826003)(70206006)(82740400003)(70586007)(26005)(30864003)(478600001)(6506007)(36906005)(7696005)(33656002)(52536014)(8936002)(5660300002)(356004)(2940100002)(316002)(9686003)(336012); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: bb01e634-92ce-4720-f00d-08d7d7f0724c
X-Forefront-PRVS: 0362BF9FDB
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: j4k5hQOM/oVGXHNJF/Bbjpvxo+g25rBvBxMrfbkmDmXfhsY8f+FYZU7RYL1neav/PDjFxUHhjP3OtQzDchU6kyMbfNY+ElszRY0pnGerkJiJ3admxpQaQMezxYS4E1ypr6P5EBG/q/q+thN7SK8Hwdv6AfEMlLg3lTZRvYVACdW6muIEBd/CrdCnNNtdAZXAx3kDXX5M8IllR36zb0Q+Pj0i2+Py0os6+ipZ68IkezIcGbga2gOSbZ2HuGj6iahrFCW3hadONOoRuntud+rmHB75AsXS8gGt/G0FQ2eF3qt6cL8n1oi1otrW2v1BO0kBxT51JPSRHprmbGM8G0wvA/afpQRXEXZlC/0QS+zgfBsz+wAaCuwHR+uKNblZ8Dw0m5mA1sEuPC20LvzUiyGHYvHduV1uVMWyCi3o//rFBq/E0bssCgpS+491ewC7jfQ2CR4eOHf9WiYeeppwA1D+iFEOWG/3OXEWaBHmMm/la2Xf5hd824mhQWZ9VkpDDEKBj7HCxlb8MR1gt0Er2g+EIQ==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2020 17:00:07.8741 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8b73ab27-e647-4df7-4fc3-08d7d7f076b7
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3027
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lBjlx4DXxgEIKgQjKhMq8S_H18w>
Subject: Re: [TLS] Efficiency of ACKing scheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 17:00:16 -0000

An additional note: All solutions which retain the paragraph


   Upon receipt
   of an ACK for only some messages from a flight, an implementation
   SHOULD retransmit the remaining messages or fragments.

and hence trigger retransmission immediately upon receiving a partial ACK,
suffer from the following problem:

On Low-MTU networks, and looking ahead at the use of Post-Quantum Cryptography,
it might happen that a single ACK is too small to hold the entire list of record
sequence numbers of the flight being ACKed.

Doing the math in an example: If the maximum plaintext size is, say, 512 Bytes,
then a single ACK can not ACK more than 64 Records, each of which contains at
most 512 Bytes of handshake data. Hence, we've got a theoretical max of ~32Kb
flight length we can ACK in a single ACK message.

While this seems a lot, some PQC schemes go beyond that. For example, the SPHINCS
signature scheme has 41Kb signature size.

To avoid this problem, it appears beneficial to go for option 2., that is, don't
retransmit immediately upon receiving an ACK, but accumulate some ACKs first. This
allows to split ACKing a very large flight into multiple ACKs.
________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Hanno Becker <Hanno.Becker@arm.com>
Sent: Friday, April 3, 2020 5:35 PM
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Efficiency of ACKing scheme

Hi again,

The DTLS 1.3 ACKing scheme seems to be quite inefficient as it is written,
and I wonder if the current spec matches the authors' intentions.

Example:

Consider a flight broken down as sequence of records 1, 2, .., N.
Assume record 2 gets dropped, while all other records go through
without reordering, corruption or loss; hence, the record sequence
observed on the receiver is 1, 3, 4, ..., N.

Then, according to the spec, the following SHOULD happen:

On the receiver-side, we have the following from Section 7.1:

```
   When an implementation receives a partial flight, it SHOULD generate
   an ACK that covers the messages from that flight which it has
   received so far.  Implementations have some discretion about when to
   generate ACKs, but it is RECOMMENDED that they do so under two
   circumstances:
   *  When they receive a message or fragment which is out of order,
      either because it is not the next expected message or because it
      is not the next piece of the current message.
```

So, when the receiver receives records 1 and 3, it notices that 2 is missing
and immediately sends an ACK for { 1, 3 }.

On the sender-side, we have the following from Section 7.2:

```
7.2.  Receiving ACKs
   When an implementation receives an ACK, it SHOULD record that the
   messages or message fragments sent in the records being ACKed were
   received and omit them from any future retransmissions.  Upon receipt
   of an ACK for only some messages from a flight, an implementation
   SHOULD retransmit the remaining messages or fragments.
```

So, when the receiver receives the ACK for { 1, 3 }, it resends records
2, 4, 5, .., N.

That's obviously not optimal, and probably not what was intended, but what
unambiguously appears to be the recommended behavior according to the spec.

How should this be resolved?

I see two similar and comparably unintrusive options:

1) Send ACKs only after period of inactivity

   Instead of sending ACKs straight away when something hints at
   something going wrong (such as an out-of-order receipt), as
   currently stated in Section 7.1, only send ACKs after a period
   of time where no further messages has been received.

   That is, replace the current version

```
   When an implementation receives a partial flight, it SHOULD generate
   an ACK that covers the messages from that flight which it has
   received so far.  Implementations have some discretion about when to
   generate ACKs, but it is RECOMMENDED that they do so under two
   circumstances:
   *  When they receive a message or fragment which is out of order,
      either because it is not the next expected message or because it
      is not the next piece of the current message.  Implementations
      MUST NOT send ACKs for handshake messages which they discard as
      out-of-order, because otherwise those messages will not be
      retransmitted.
   *  When they have received part of a flight and do not immediately
      receive the rest of the flight (which may be in the same UDP
      datagram).  A reasonable approach here is to set a timer for 1/4
      the current retransmit timer value when the first record in the
      flight is received and then send an ACK when that timer expires.
   In addition, implementations MUST send ACKs upon receiving all of any
   flight which they do not respond to with their own messages.
```

   by something along the following lines:

```
   As long as implementation has received some but not all of the next incoming
   flight, it SHOULD send an ACK message after an implementation-defined period
   a time during which no further messages are received. A reasonable approach
   here is to reset a timer to 1/4 the current retransmission timer with every
   record received in the current flight, and send an ACK when that timer expires.
```

   In the above example, this would mean that as long as records 3,4,...,N arrive
   in close succession, it will only once send an ACK for {1,3,4,...,N} in the end,
   triggering retransmission of record 2 only, which is optimal.

   The drawback of this is that the receiver of a flight does not inform a peer
   about a gap in a flight as soon as it notices it. For this to work, the content
   of an ACK would need to be what's missing instead of what's present, which
   appears to be a too intrusive change to be considered at this stage.. The
   benefit of this approach is that it leads to very good retransmission bandwidth.

2. Essentially same as option 1., but 'mirrored': Allow the receiver of a flight
   to send ACKs recurringly (though preferably still bunched, i.e. using some timer
   for the bunching), and replace the part of Section 7.2:

```
7.2.  Receiving ACKs
   When an implementation receives an ACK, it SHOULD record that the
   messages or message fragments sent in the records being ACKed were
   received and omit them from any future retransmissions.  Upon receipt
   of an ACK for only some messages from a flight, an implementation
   SHOULD retransmit the remaining messages or fragments.
```

   by something along the lines of

```
7.2.  Receiving ACKs
   If an implementation receives an ACK for parts of a flight, but doesn't
   immediately receive ACKs for the rest of the flight, it SHOULD retransmit
   the messages that have not been ACKed. A reasonable approach here is to
   reset a timer to 1/4 the current retransmission timer with every ACK record
   received, and retransmit the last outgoing flight when that timer expires.
```

Let me know what you think and which option (if not a completely different one)
you'd prefer.

Cheers,
Hanno
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email