Re: [TLS] DTLS 1.3 ACKs
Martin Thomson <martin.thomson@gmail.com> Tue, 24 October 2017 21:40 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B4C813F86C for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 14:40:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZGZyXjGzJNka for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 14:40:57 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C52B13F865 for <tls@ietf.org>; Tue, 24 Oct 2017 14:40:57 -0700 (PDT)
Received: by mail-oi0-x234.google.com with SMTP id c202so39806276oih.9 for <tls@ietf.org>; Tue, 24 Oct 2017 14:40:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=se+20zQ1510N1TTjA5jP1MuRSbsgAxnN2w0eMiICZXo=; b=Rn/XQVVDlBcChDY0WnTeSV8Gi9bHs0noOI+qeidJ7Qb0XoCD3oT6awk6DWuUw0oCgN aApbwdUbpVh+zXJXPZEbyVl9AZmAfnXmSeecof4VlIWWoJ19PLdVt6OQ1tPg6ZshHs6g PEUeqZaJx/Hx+kznUNk37rUczVkuQHOH1vJj3gLzXYURERKfpZ1IZfQXxcOivLAXtG3f vAIAoB0BwgpPMOleWhIF70vpVkTB2Kkiq6uEayc3KGl6okUX3os8OiJApxZ7ffhafpjS Vg3kqPeIv5SV7TMwv7OkemqDFyMfMveEUNQ9AP7ONEToLzhjuYX6uUV+8lfjRf9YRYVi 1gTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=se+20zQ1510N1TTjA5jP1MuRSbsgAxnN2w0eMiICZXo=; b=QoCAoQwYBprWUtl4R8uZtT3yd/UISpaxOVqpaFC7BU50gT7MdELu5i46Bh6FuxOcQ/ h+2fgk07q0TBcyCykXwYTcDQZzJ/Voq5Gl1M4E017cA7trWMaB1BJpoJmlVrW0NjVYi9 UXkw712j6QTCthFXR9kHdVkwvIJORLvG/wx9kwfxVq/uPZtb5WAtFRlGED3d3mDZwr1M F3JPfNq+vuHfMRCfnSMhGOZh6a347C41XRYTatEczgpIb8CSWLRfQ0N2mGU1QMly3EnB ZOcBzwtmyxI76RzBgZVhCJMu66SxOdiG6Dh/uBwZjpOohy5Q0gaMWQXgHN9Rx4cCgL+g QRdw==
X-Gm-Message-State: AMCzsaW3CvzgvCwnpHL75hhTDme/j2b8oa/78phP+Ufx5rucsosFNHXR HeSdqj+nuho/MPVX1fe1UNZFnjFStUQu8bjYt68=
X-Google-Smtp-Source: ABhQp+TsLYsjFBDZrLAlVt3HqzMJcnpvDFSk3592PyXdS5w6MHvhdL4PJ9jrnUj1D/xu101ZTLRWn8e8CoFT5OMUA/0=
X-Received: by 10.157.37.90 with SMTP id j26mr26993otd.401.1508881256433; Tue, 24 Oct 2017 14:40:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.72.178 with HTTP; Tue, 24 Oct 2017 14:40:55 -0700 (PDT)
In-Reply-To: <20171024135929.ijathkbwc3vh4635@LK-Perkele-VII>
References: <CABcZeBNvaZmbvUTmzvGznqSBmEDn4KAeFXxyxHcR25bV9WVUDg@mail.gmail.com> <20171024135929.ijathkbwc3vh4635@LK-Perkele-VII>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 25 Oct 2017 08:40:55 +1100
Message-ID: <CABkgnnX0cWsokvYUMWAv-SpYaRUuyTo47UA_V-5qEj-v1NeqAg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2E_iHAa9GmXYKOwAx_EZizsNxEc>
Subject: Re: [TLS] DTLS 1.3 ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 21:40:58 -0000
On Wed, Oct 25, 2017 at 12:59 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > On Mon, Oct 23, 2017 at 06:14:33PM -0700, Eric Rescorla wrote: >> We now have DTLS 1.3 implemented in NSS, which went pretty cleanly. > > What is the _worst_ case memory usage (both sending and receving) for > handling the acknowledgements and guaranteeing forward progress in all > reasonable cases? Exact numbers are difficult, but in general, the sender needs to remember an entire flight, plus the records that it sends and the parts of the flight that were in those records. In our implementation, we use ~35 octets per handshake message fragment, which could be reduced, possibly by quite a bit. Worst case is with large messages and small MTU/record limit with lots of packet loss, where you might have a fairly large number of these records to track what was sent. That is in addition to whatever messages you send, which you have to remember once they are constructed (Certificate being a real wild card here, of course). As you say, you can limit this by ensuring that you limit the size of messages and the number of fragments that you have outstanding. The receiver really only needs to track the data it receives. We (currently) pretend not to receive packets if they aren't contiguous with the data we have, so our outstanding memory is at most one handshake message and a couple of status variables. Once the handshake message is complete, we process it. If we had progressive parsing and processing, that might go lower, but we don't target constrained devices.
- [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Martin Thomson
- Re: [TLS] DTLS 1.3 ACKs Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara