[TLS] [DTLS] State transition after last flight

Hanno Becker <Hanno.Becker@arm.com> Fri, 27 March 2020 16:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9xFiAo-fQpcYh4WrQ8Irqgc0ozU>

Another comment on DTLS 1.3 draft 37.

I believe there is a slight ambiguity in the description of what
shall happen after a peer sends the last flight in a handshake.

On the one hand, the spec says:

```
   In the SENDING state, the implementation transmits the buffered
   flight of messages.  If the implementation has received one or more
   ACKs (see Section 7) from the peer, then it SHOULD omit any messages
   or message fragments which have already been ACKed.  Once the
   messages have been sent, the implementation then enters the FINISHED
   state if this is the last flight in the handshake.  Or, if the
   implementation expects to receive more messages, it sets a retransmit
   timer and then enters the WAITING state.
```

This suggests that after sending the last flight in a handshake,
a peer transitions SENDING->FINISHED.

However, there's also the following paragraph:

```
   There are four ways to exit the WAITING state:
   1.  The retransmit timer expires: the implementation transitions to
       the SENDING state, where it retransmits the flight, resets the
       retransmit timer, and returns to the WAITING state.
   2.  The implementation reads an ACK from the peer: upon receiving an
       ACK for a partial flight (as mentioned in Section 7.1), the
       implementation transitions to the SENDING state, where it
       retransmits the unacked portion of the flight, resets the
       retransmit timer, and returns to the WAITING state.  Upon
       receiving an ACK for a complete flight, the implementation
       cancels all retransmissions and either remains in WAITING, or, if
       the ACK was for the final flight, transitions to FINISHED.
```

Point 2. mentions a transition WAITING->FINISHED upon receipt of the
ACK for the last flight. This transition wouldn't be necessary if
there was an immediate SENDING->FINISHED, as suggested before.

I believe the transition SENDING->WAITING should happen
unconditionally, regardless of whether the flight is the
last one or not. I'd therefore suggest a rewording along
the following lines:

```
   In the SENDING state, the implementation transmits the buffered
   flight of messages.  If the implementation has received one or more
   ACKs (see Section 7) from the peer, then it SHOULD omit any messages
   or message fragments which have already been ACKed.  Once the
   messages have been sent, the implementation sets a retransmit
   timer and then enters the WAITING state.
```

Regards,
Hanno
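
The two readings discussed in the message above, as an added example that is not part of the original message or of the draft: a small C model of only the quoted paragraphs, run over a constructed event trace for a sender of the last flight. All type, function and trace names are hypothetical, and FINISHED is assumed to be absorbing because the quoted text does not describe it.

```c
#include <stdbool.h>
#include <stdio.h>

/* States and wording variants named after the text quoted in the message. */
typedef enum { SENDING, WAITING, FINISHED } state_t;
typedef enum { EV_FLIGHT_SENT, EV_TIMER_EXPIRED, EV_ACK_PARTIAL, EV_ACK_COMPLETE } event_t;
typedef enum { WORDING_DRAFT37, WORDING_PROPOSED } wording_t;

typedef struct {
    state_t state;
    int transmissions;      /* times the flight was sent from SENDING */
    bool finished_via_ack;  /* WAITING->FINISHED (point 2) was taken */
} sender_t;

/* Constructed trace: send, retransmit timer expires, resend, complete ACK. */
static const event_t LOST_FIRST_TX[] = { EV_FLIGHT_SENT, EV_TIMER_EXPIRED, EV_FLIGHT_SENT, EV_ACK_COMPLETE };

/* Apply one event for a sender of the LAST flight. Events that the quoted
 * paragraphs do not cover in the current state are ignored (assumption). */
static void step(sender_t *s, wording_t w, event_t ev)
{
    if (s->state == SENDING && ev == EV_FLIGHT_SENT) {
        s->transmissions++;
        s->state = (w == WORDING_DRAFT37) ? FINISHED : WAITING; /* timer set only for WAITING */
    } else if (s->state == WAITING && (ev == EV_TIMER_EXPIRED || ev == EV_ACK_PARTIAL)) {
        s->state = SENDING;             /* retransmit, then back to WAITING */
    } else if (s->state == WAITING && ev == EV_ACK_COMPLETE) {
        s->state = FINISHED;            /* ACK was for the final flight */
        s->finished_via_ack = true;
    }
}

/* Drive a last-flight sender, starting in SENDING, through a trace. */
static sender_t run_last_flight(wording_t w, const event_t *trace, size_t n)
{
    sender_t s = { SENDING, 0, false };
    for (size_t i = 0; i < n; i++)
        step(&s, w, trace[i]);
    return s;
}

int main(void)
{
    sender_t a = run_last_flight(WORDING_DRAFT37, LOST_FIRST_TX, 4);
    sender_t b = run_last_flight(WORDING_PROPOSED, LOST_FIRST_TX, 4);
    printf("draft-37 wording: tx=%d via_ack=%d\n", a.transmissions, a.finished_via_ack);
    printf("proposed wording: tx=%d via_ack=%d\n", b.transmissions, b.finished_via_ack);
}
```

Under the draft-37 wording the model never takes the WAITING->FINISHED transition of point 2 for the last flight; under the proposed rewording it does, after one retransmission.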
