Re: [TLS] DTLS 1.3 ACKs
Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 04 July 2017 13:36 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66F8413160B for <tls@ietfa.amsl.com>; Tue, 4 Jul 2017 06:36:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XA_85_vYIY_B for <tls@ietfa.amsl.com>; Tue, 4 Jul 2017 06:36:51 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 2D03113160A for <tls@ietf.org>; Tue, 4 Jul 2017 06:36:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id B786A650C2; Tue, 4 Jul 2017 16:36:49 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id OrnZqTRj_d5h; Tue, 4 Jul 2017 16:36:49 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 48C42286; Tue, 4 Jul 2017 16:36:47 +0300 (EEST)
Date: Tue, 04 Jul 2017 16:36:47 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20170704133647.w2qv5cljssdzrlth@LK-Perkele-VII>
References: <20170624164749.bidmu2btsb6xsdjb@LK-Perkele-VII> <CABcZeBNkNUkgm9mrptgKO_+pkk2i9usYdGbmsFH762PhcVtFRw@mail.gmail.com> <20170701170103.htwyfrheq52pmm6l@LK-Perkele-VII> <CABcZeBMA3dUGKrk_V9EfYH1OtoD_JP+gTr8vf2+yq5Yaa-96vg@mail.gmail.com> <20170701210000.ppewrje6jcpy5w2b@LK-Perkele-VII> <CABcZeBNMwtExuep34WFp5r9phd94u7j_DvQdfeE3ha5TC0+7iQ@mail.gmail.com> <20170702075416.7ozflgnxdo5k7gcd@LK-Perkele-VII> <CABcZeBNiW_8s2XNXv3Zgk1bpq7fKwXVDUdbs+b=UXKx3DL00_Q@mail.gmail.com> <20170702201324.dhfybncpih3neuo6@LK-Perkele-VII> <CABcZeBOuqJfQXJpHCVzkQrttQDcF6Xq6Q1QyBm52kDJpAArdAg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABcZeBOuqJfQXJpHCVzkQrttQDcF6Xq6Q1QyBm52kDJpAArdAg@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5TJpw1vyHo2Bn_72nl98v-Y5AwM>
Subject: Re: [TLS] DTLS 1.3 ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 13:36:53 -0000
On Sun, Jul 02, 2017 at 02:00:51PM -0700, Eric Rescorla wrote: > On Sun, Jul 2, 2017 at 1:13 PM, Ilari Liusvaara <ilariliusvaara@welho.com> > wrote: > > > There can also be interactions with giving up on fragment transmissions > > (in order to limit memory usage). > > > > Suppose similar case as before, but 2:1 gets lost instead of disappearing, > > and is found after 2:5 is received by the client. > > > > The client will then generate second ACK, which ACKs 2:1. The server then > > receives the ACK and has no idea what the client is talking about, since > > server has dropped the state. But presumably fast-retransmits 2:4 and 2:5, > > now as 2:6 and 2:7 (3rd transmission for both). > > > > It's not clear to me it's useful for implementations to delete state in > this case. As said, this would be to limit memory usage. I suppose real cheap implementation could check for the first missing fragment and retransmit from that point onwards, regardless if any subsequent fragment was ACKed. I suppose if one really wants to scrimp on state, one combine the fragments of small messages (basically, everything except Certificate) in fixed way (ClientHello, HelloRetryRequest and ServerHello likely fit into one fragment, EncryptedExtensions and CertificateRequest likely jointly fit into one record, the same for CertificateVerify and Finished). And then assign RSNs for retrasmissions with fixed base (which impiles that RSN sequence might have gaps). -Ilari
- [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara