Re: [TLS] DTLS 1.3 ACKs
Eric Rescorla <ekr@rtfm.com> Sat, 24 June 2017 19:06 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C1F1127ABE for <tls@ietfa.amsl.com>; Sat, 24 Jun 2017 12:06:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TErOb-nrCJEA for <tls@ietfa.amsl.com>; Sat, 24 Jun 2017 12:06:26 -0700 (PDT)
Received: from mail-yb0-x22d.google.com (mail-yb0-x22d.google.com [IPv6:2607:f8b0:4002:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37A581271DF for <tls@ietf.org>; Sat, 24 Jun 2017 12:06:26 -0700 (PDT)
Received: by mail-yb0-x22d.google.com with SMTP id s9so20499046ybe.3 for <tls@ietf.org>; Sat, 24 Jun 2017 12:06:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iN1ynxMLqeOszajelO1d8pBC1c9X5v4eaaFGK1RL5CA=; b=szKtckx9yypbykcszZNn9d2SnWuE0Xl9EgVLGHGz4SR4HAhvb7GLhvuYWTSVuGlMfq PY1f1GuioI4d5BZESrl2JRWJt9AGtETbg1pxl5slxYYv+rl1j3YMghUi5pgar0k/0UQO H00PlWIVZY3Q7xgoB8s7/Y3pzzLfwQbZuEPzlL1fcsoTGKK47ZL67KpbW7XQ7oOfGOw9 pauw8yghOk4Zj0rHsKYPUk7oVUo07mnmQ+N6wNzSENmGchLCLfdAyKaeHrWYf+2TPYbc nx7MVVizQ3Ba9vHck/5YSSdhkdq6ANbNiEYJl1yodF18r3AL7jpf1h187I33e2dkBt2j XZ9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iN1ynxMLqeOszajelO1d8pBC1c9X5v4eaaFGK1RL5CA=; b=FVfOGIDP79NUBBLPYuTzM0jwOpFv8RBAql0GHZmHhY8lDVMEVtT/mrYfyvQM7G4HUl WVmNJ2Cm4gCjESDQQKuo3K5i6jp8QzRdHv6k5ZkrTZ2xsU4+ARxstM+xd5JEkOE1naW4 awe0O27MaFKF1Mm1GbXoYcms5T7Q5JqYokf6OdbLS/tVxMgrViIeYPnMMdW+yvQMRxx7 dn1HVjh7PmivX3fhwa0txBXKFU/SSK6VlaEL2HvfQ1LTgkds1MTerMOIp0F73nBgg1Wg 0NLEzh0z0hc0zv0AqkaEgq7VYpjPJbQyF5VgTG0pm6USALhmY5Y3v8wsaVPJvfZ3aYjT HaIw==
X-Gm-Message-State: AKS2vOz3nCWJ8pGvamGHdryj6fj/4rqGcvS2pKF1sVcAPAjXHJaTAGI1 +kcCF4Odk+dMfSA/p66EBKqbtrjmhwol
X-Received: by 10.37.214.12 with SMTP id n12mr10558470ybg.122.1498331185335; Sat, 24 Jun 2017 12:06:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.9 with HTTP; Sat, 24 Jun 2017 12:05:44 -0700 (PDT)
In-Reply-To: <20170624164749.bidmu2btsb6xsdjb@LK-Perkele-VII>
References: <CABcZeBMpDLdrqaa7qEKyFFT8c-Qcodc01zDNqYcxmPp0qvi+pQ@mail.gmail.com> <20170624164749.bidmu2btsb6xsdjb@LK-Perkele-VII>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 24 Jun 2017 12:05:44 -0700
Message-ID: <CABcZeBNkNUkgm9mrptgKO_+pkk2i9usYdGbmsFH762PhcVtFRw@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114fcb700ee88f0552b96a05"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FKjPt7eVHqdWdwqPItE26AizKts>
Subject: Re: [TLS] DTLS 1.3 ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Jun 2017 19:06:29 -0000
On Sat, Jun 24, 2017 at 9:47 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > On Sat, Jun 24, 2017 at 07:57:21AM -0700, Eric Rescorla wrote: > > Hi folks, > > > > https://github.com/tlswg/dtls13-spec/pull/9 > > > > I have just posted a PR to implement ACKs, largely as we discussed in > > Chicago. > > Here's the pull comment: > > > > I have taken a slightly different approach here than we discussed > > in Chicago. Specifically: > > > > - > > > > ACKs are not handshake messages but a new content type. This > > avoids the need to ack ACKs or worry about reassembling > > when ACKs are lost. > > - > > > > The receipt of a flight also counts as an implicit ACK and > > so you shouldn't ACK full flights. I tried removing this > > feature but it leads to weird anomalies where you have > > two flights you should be retransmitting if the ACKs get > > lost. > > - > > > > ACKs are always encrypted with the then-current key. > > - > > > > I also removed the rule that you don't stop retransmitting > > when you receive a partial flight. That was intended to have > > fast retransmission for missing messages because the retransmit > > of flight A triggered retransmission of partial flight B, but > > ACKs serve this purpose > > > > Comments welcome. > > I think ACKing a post-handshake CertificateRequest would make sense, if > the response can't be generated immediately (e.g., prompting user to > select a certificate). > That's a good point. It seems ACKs work in terms of RSNs. This generates a weirdness that > a fragment can be known with multiple IDs, in case a packet gets > delayed enough to trigger retransmission but the original is then > accepted. But OTOH, retransmission at fragment granularity is useful > with potentially "obese" messages like Certificate. > This is the calculation I made as well. Note that removing aliasing in this fashion actually is useful in measuring packet loss (this is what QUIC does). > And what is the precise interaction between restarts, 0-RTT and message > sequence numbers on client side? As far as I can tell, > end_of_early_data is always client message_seq=1, and appears only iff > server accepts 0-RTT. Restart client_hello is also always client > message_sseq=1. > That seems correct to me. -Ekr
- [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara