IETF Logo Mail Archive

Re: [TLS] Efficiency of ACKing scheme

Hanno Becker <Hanno.Becker@arm.com> Tue, 14 April 2020 07:14 UTC

Return-Path: <Hanno.Becker@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9D0D3A0E7A for <tls@ietfa.amsl.com>; Tue, 14 Apr 2020 00:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=PXe1LLB4; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=PXe1LLB4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wwE4SGBelAq4 for <tls@ietfa.amsl.com>; Tue, 14 Apr 2020 00:13:58 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00050.outbound.protection.outlook.com [40.107.0.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 149173A0E79 for <tls@ietf.org>; Tue, 14 Apr 2020 00:13:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WNbuEWu13kn7tkuQgP+nphKCtp6G3Y/VMY0/p+ICwVU=; b=PXe1LLB4Vup4yhP18LzjM8rnb/Wi1AjIVtWP6L3ksJTB8OnEfPPC9Em31rdpyyiSXRDtuBm7BVuiH62SCOtmQluBFOi/B788RWmGtZtwTxwlRTESOAH0sc0STjA1y+EnKTMil5/KxSfIyfWMuYKohW5rfB6bRereFVt2+SzSvPM=
Received: from DB8PR06CA0049.eurprd06.prod.outlook.com (2603:10a6:10:120::23) by AM6PR08MB4472.eurprd08.prod.outlook.com (2603:10a6:20b:bf::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.24; Tue, 14 Apr 2020 07:13:54 +0000
Received: from DB5EUR03FT039.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:120:cafe::4) by DB8PR06CA0049.outlook.office365.com (2603:10a6:10:120::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.17 via Frontend Transport; Tue, 14 Apr 2020 07:13:54 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT039.mail.protection.outlook.com (10.152.21.120) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.18 via Frontend Transport; Tue, 14 Apr 2020 07:13:54 +0000
Received: ("Tessian outbound 5345ff401cf8:v50"); Tue, 14 Apr 2020 07:13:54 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: c268176ca60d871f
X-CR-MTA-TID: 64aa7808
Received: from 36586897dd4d.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id FDD5E94E-3E97-4CEB-B1A0-367D99739CC4.1; Tue, 14 Apr 2020 07:13:48 +0000
Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 36586897dd4d.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 14 Apr 2020 07:13:48 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HjzfnjLitfDZLOOcbyGsHkwOZun2LdYgJ1GpMh69ARIm9HXELWFQx/dgYXi7TlsQHNYRBN+weALNM3oyOVq+PfecZHlGSGEXYTOw/rMkeKYkWZfOTXOijjadJBvZg/J5m4jib8rUwzPj90Zx4nGpWigppTpNocxJLLrrERhEJlAg2fAbvCx92hKrHFjWvjJ84cfBes1e3el3g71bGQsZUbcZ7RAt3LGFfe0PTCAdc04rnfmw8EDsVce6FASX5NAHh6/kauFtHuCYCxcLZLmpRNPieGvo7wRuiGDUlnAr6VyoWVt8XEcqeTORcgyiOs1w3J+i0DZ3RyNEBAYsK0WbXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WNbuEWu13kn7tkuQgP+nphKCtp6G3Y/VMY0/p+ICwVU=; b=b19uBALWFTJL7z+Z/EddinOFXzUi5jHW3QMblU/n5TCFCRe/f6KrtCauzp/SMZAU7Hzk2vIVlW2uRl+2r1pffiMJHIlOJskLNRPd/7UFUxxb99zVzq7Lg/CIYN5uMSpGXH2t8cv7O3K0uzlNXrKjwSNbZJel+mKv3EDT853Arx64u2mp9jyK568UAB8n7sffxNZ/pHWHD88Vf5GhMkxwl1TCS/WglZiJ8CFSUR5tmiGFtYfuOVK3GVoYm4hgxs5ojYa+1EBh44zGQ112G9TFCDDhEpCe96ZV9Q5XAbYlijb0/eYMIL6aHWdBws9B4U3NNFWN5aosQ+gauEoEJED1kg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WNbuEWu13kn7tkuQgP+nphKCtp6G3Y/VMY0/p+ICwVU=; b=PXe1LLB4Vup4yhP18LzjM8rnb/Wi1AjIVtWP6L3ksJTB8OnEfPPC9Em31rdpyyiSXRDtuBm7BVuiH62SCOtmQluBFOi/B788RWmGtZtwTxwlRTESOAH0sc0STjA1y+EnKTMil5/KxSfIyfWMuYKohW5rfB6bRereFVt2+SzSvPM=
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com (2603:10a6:209:45::15) by AM6PR08MB3958.eurprd08.prod.outlook.com (2603:10a6:20b:a6::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15; Tue, 14 Apr 2020 07:13:46 +0000
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d]) by AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d%5]) with mapi id 15.20.2900.028; Tue, 14 Apr 2020 07:13:46 +0000
From: Hanno Becker <Hanno.Becker@arm.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>, Eric Rescorla <ekr@rtfm.com>
CC: Rob Sayre <sayrer@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Efficiency of ACKing scheme
Thread-Index: AQHWCdUmcw6BnTFxZ0GrZHianQcZlahnnDQQgAO7OoCAAKsoAP//86kAgAAdq4D///6F3YAAREwAgAD0k7KAA3V2gIAADseAgAAbtwD///RFgAACd9OA///wuACAABuZAIAHQ2AZ
Date: Tue, 14 Apr 2020 07:13:46 +0000
Message-ID: <AM6PR08MB331808EE59103725876EC1CC9BDA0@AM6PR08MB3318.eurprd08.prod.outlook.com>
References: <AM6PR08MB331820C710440F07055382739BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <AM6PR08MB331832C84A0E5D04AA5612A99BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <8fed27dc-f5eb-4104-8308-186c361781bc@www.fastmail.com> <6EC8987C-A1E0-454F-AF09-A43260EB2B56@arm.com> <CAChr6Sx96KBLS+VYFo7DdybraBo7ubz7ojp0fR3XjFcuGWB-2A@mail.gmail.com> <03849701-1A14-4E1A-8298-D483E74E380C@arm.com> <AM6PR08MB3318181A1F2C5B19E9392F849BC20@AM6PR08MB3318.eurprd08.prod.outlook.com> <EAB4DCDE-78B4-4B0F-B243-429C3590923D@arm.com> <AM6PR08MB3318F770AD9A53CC0C9F88FA9BC30@AM6PR08MB3318.eurprd08.prod.outlook.com> <FFC3507B-5253-4525-A7A4-D9D45422FC69@arm.com> <CABcZeBOd44CL-8kjwntS9fMg9NgzpgXhkXNi6Lsc70BwAqaxwQ@mail.gmail.com> <337B9506-31F3-463C-B447-FEFBEFEC32A7@arm.com> <CABcZeBN=jsr-WJnbxNao+jLneEGz8waTkGerHqexKVekBV-aug@mail.gmail.com> <5744AFC1-D9B5-421E-893B-949ACA76C51D@arm.com> <CABcZeBPdDeqF1SxZZ7nsvpyqejHnDqpV=9b3KmMn_eB4gFR=Lg@mail.gmail.com>, <D4D9DD15-6704-44B3-8E18-53E4B8CE2B14@arm.com>
In-Reply-To: <D4D9DD15-6704-44B3-8E18-53E4B8CE2B14@arm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
x-originating-ip: [86.177.220.146]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 4920b0c4-d9ea-4f9d-a429-08d7e0436416
x-ms-traffictypediagnostic: AM6PR08MB3958:|AM6PR08MB3958:|AM6PR08MB4472:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM6PR08MB4472A028C5DB08B8659433349BDA0@AM6PR08MB4472.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 0373D94D15
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3318.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(376002)(346002)(366004)(396003)(136003)(66446008)(64756008)(66556008)(66476007)(53546011)(9686003)(81156014)(86362001)(8676002)(478600001)(8936002)(33656002)(55016002)(6506007)(7696005)(186003)(76116006)(66946007)(5660300002)(19627405001)(26005)(54906003)(316002)(71200400001)(2906002)(4326008)(110136005)(52536014); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: +N+euyCIGIqpYNztKbDwEYMf4G44UN6baUh4yHRWMiuNG9vHqO2I3jAPMrA9Y4A583FUUFQUFE1iBEHPh6IL+RYm46SknRvU82OVpMrvwP9/HKS60qs8ykKOSLJNjZ67NeT50BUfwcKmLA3Ep2tCOooy/qD4fhVRaUt7sHap2LM9GoKOgvvZFxPyfrl7iQuHUvHCtKpYJwrjPAhA50TyxaLpNYJt1BL0qDkIBbHuzKq+0cnlJ+5IUmqiaOf5rCOmSuWIoAmLFXjG8ZJMy+XXPaZBeFlR3jbz8map8rPeASb9OMmS1s31TLMUsVDIY2c+DqJraYkACOdX12KNaeN4GTl/Y28u0tFbk2oda+EXzL4c7YVqHn6dSD0dzNvy4nCkEpavtuHMbvKlMbj6bQakNKURBFhrUscgqZRdSFYHaeTWdoimi4KMuOj277kpN8Dr
x-ms-exchange-antispam-messagedata: eQ2txjwj4iUzAGiT/TW6kM4JquNv+FJYnG9ob6aWbYDCiZM6Ji+JhGDJlaZa54ucA3rUY/NYM8LsD0EakaEg7rS3+N6i1Cg7BwMVjn8+damgJ+f7LB/zZz6kNIEAJ1xib0J/PyiKb2CRllj2573AcA==
Content-Type: multipart/alternative; boundary="_000_AM6PR08MB331808EE59103725876EC1CC9BDA0AM6PR08MB3318eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3958
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT039.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(396003)(346002)(376002)(39860400002)(136003)(46966005)(26826003)(47076004)(86362001)(9686003)(55016002)(186003)(70586007)(81166007)(70206006)(19627405001)(336012)(82740400003)(478600001)(356005)(8936002)(2906002)(110136005)(54906003)(52536014)(33656002)(6506007)(81156014)(5660300002)(4326008)(53546011)(26005)(316002)(8676002)(7696005); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1eaa4229-752e-436d-dd01-08d7e0435f6c
X-Forefront-PRVS: 0373D94D15
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: elwm37Bqpe9BreU2DC+2QxHQ592XSPvjLcErZhrb9zVyinZjvvGaarFoysUwcr9I9C42dJ/1+TksxnZdtsC9OffSymr2NnZhvdBOGBKWZ5Xq/qvOjer/OAQf3BqMyHuguCLLhwKVcs3v0JNZg/CIMxGrInTCwPhZ+cr3WhYpDEhwe4nzBZDlETnJ/UJxqZH+nqfn3DKOubdXnnDJZryw4aPmpr5iY4ogakBQnyqb3i1I27abteDHJfAP8a/hQl+lvBmQcH5eV5Rc92EwnhNl4djzOuqAb1coIm5owjgG4qwc6F7BuLzplFcKdnHt45IlW/37qv56LiZiZ8Pc0av1T/3kMeJ7qoADHr15XiEQKff6EKmmDpbmWOVpv8y/2o6TQNFFzUbiBTi+mCTuq53jzG5L9i9kXrWq6kI5urtAHajm0wz32M88tJljyipA4UM2gKjTOKjqaLNAVjE1o3RZTDxiLVd1pxOU4hoY0RgsVDKOfgMgt0ECZF9SnuwpGe5NFqlN1zMpr9Uf7LCGzKxO1A==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Apr 2020 07:13:54.2690 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4920b0c4-d9ea-4f9d-a429-08d7e0436416
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4472
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dPG8DfCDozpXVpk1cAUwx2GYw4Q>
Subject: Re: [TLS] Efficiency of ACKing scheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2020 07:14:02 -0000

Hi,

Apologies for the late reply.

First, let me say that foremost I wanted to highlight the potential
efficiency problem with the current solution. The mentioned alternative
isn't yet fully thought through, so it may well have drawbacks itself
that render it no better than the current version. However, in any
case I'd hope we can in the end find a solution which doesn't suffer from
the current inefficiency, as this seems prohibitive for IoT deployments.

Replying to Ekr's initial comment first:
> ISTM that the easiest way to deal with this is to have the sender
> treat the current ACK state as the union of the states it has received
> and permit receivers to only ACK each packet once (while encouraging them
> to fill the ACK packet). Then you would retransmit if your new ACK state
> was partial rather than if the ACK was partial.

I agree, something along those lines should work and I was attempting that
with the proposed text, though spelling out the details doesn't seem entirely
straightforward. For example, we don't want to retransmit immediately if we
receive an ACK such that the new cumulative ACK state is partial, because
otherwise we'd retransmit many times while building up the ACK state. The
proposed text therefore recommends to retransmit after a sufficiently
long period during which no further ACK is received.

Receivers, in turn, may send ACKs one-by-one, though it is encouraged
to fill them, as you said.

So if I understand your comment above correctly, it appears
to be in line with the intention of the proposed new text.

Note that the proposal leaves it open whether receivers send
ACKs recurringly, even if everything is transmitted perfectly,
or only when they notice a disruption. The only recommendation
I think the text should make is that once an implementation decides
to start ACKing, it shouldn't leave a too large time-gap between
two consecutive ACKs: This is for the recommended heuristic of
"retransmission on ACK-less period" on the sender to work.

Best,
Hanno
________________________________
From: Thomas Fossati <Thomas.Fossati@arm.com>
Sent: Thursday, April 9, 2020 4:12 PM
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hanno Becker <Hanno.Becker@arm.com>; Rob Sayre <sayrer@gmail.com>; tls@ietf.org <tls@ietf.org>; Thomas Fossati <Thomas.Fossati@arm.com>
Subject: Re: [TLS] Efficiency of ACKing scheme

On 09/04/2020, 15:34, "Eric Rescorla" <ekr@rtfm.com> wrote:
> > > But this requires being able to send an empty ACK that means "I
> > > got nothing". In which case, I don't see how it's really different
> > > from the current text except that it gives the sender less
> > > guidance.
> >
> > Not sure there's an "empty ACK" in Hanno's proposal.  This is how I
> > interpret it in the context of your example: in the second flight,
> > if rec#0 (containing SH) is lost and rec#1 gets through, the
> > receiver sends ACK {1}.  From that the sender can infer the gap and
> > retransmit rec#0.
> >
> > You can't send ACK{1} because you can't  decrypt it because it is
> > out of order with respect to the DH key. This is the point of the
> > empty ACK.

True, so you send ACK{} (as per last para of Section 7.1) and similarly
the receiver can deduce a gap -- indeed a very precise one -- and
re-send record containing the SH.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email