Re: [TLS] On the two types of ACKs in DTLS 1.3
Christopher Wood <caw@heapingbits.net> Wed, 22 April 2020 23:34 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C2983A0DC0 for <tls@ietfa.amsl.com>; Wed, 22 Apr 2020 16:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=i3NytNoX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=X3S3GKsa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rz6WPcLXXjad for <tls@ietfa.amsl.com>; Wed, 22 Apr 2020 16:34:51 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3976E3A0D76 for <tls@ietf.org>; Wed, 22 Apr 2020 16:34:51 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 478CE5C0228 for <tls@ietf.org>; Wed, 22 Apr 2020 19:34:50 -0400 (EDT)
Received: from imap7 ([10.202.2.57]) by compute1.internal (MEProxy); Wed, 22 Apr 2020 19:34:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=KkIs94onKZ5xK+gFRpH7OwgxqY2tvwu DMsJWpK7A3VM=; b=i3NytNoXO90IfizDP0R/kkQv59uZZm8bClUerzZA9YUAc6F zQODIsdQoXxZNT0Eg77vmIsEVXvAAiJv+Z6wdJT+HAdjIdMRWWguQbsI5AeJuWoU 1Eaqch6BoW9a5+dLcwRQAoS3l/WUzF+ofK1wghRWCBCD8Dn/VHqzg70jfYoIHH/7 SwhCA8HMNGvqI8m2DZI9l1q1NN//iELENrqzJoIdBicyM1lSFLuXAT+qDzxONC2/ r49xkq4Zj1vrhj0GhusQ6SV+yOiv28WAt1000/Xt3FXPB6WdbJS+0/NiJysrnn5b tuPAwpCJrzZaeQWoNHgIbdcBKHPNJMuprCDdBNA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=KkIs94 onKZ5xK+gFRpH7OwgxqY2tvwuDMsJWpK7A3VM=; b=X3S3GKsaxPfM+TwTAKdaW9 BWK3+RAgh6n4HieoWDN5XtjCnlhGdXjLmUUAy0S0XyThF/F6HyE+CE4ecqUVcH1M HxSr9uBRA2FhupKAqUNmaFQacBj2QghsKYT7RDO2olUrRT1xSlMXNaAYlCJImBO4 FVc6o84zXOc1n99w42pvuQPOH7GjNchU1giJTviZemKdJYX1PKtOhA0g+207hB+M gv7mWBJ9qplHw5GGAT/u00n03As1/rRSZA0CQSb3QFMOY8NpanApFFhRZCPbTlY1 dnFC9rlzwGUhR3do6XlpCQf0wBRTAd6uC+ngVMjQmsZhwVZ8BN2Ve/eq0pzwdxxA ==
X-ME-Sender: <xms:mtSgXqm0KA5Db_hxcjyWUNvNYRYBQoXltdrkyRqK4uXJwfgCTXYVOg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrgeekgddvtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggrfies hhgvrghpihhnghgsihhtshdrnhgvtheqnecuffhomhgrihhnpehgihhthhhusgdrtghomh dpihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:mtSgXvrtDuK_gQE3aPlLlGI0Q2HedaRGAs8I6BeGeToabHParP2QkA> <xmx:mtSgXq9tmP_nHOLmoz0f8eFopugUtWFLuTRNOEcjqU_A84xGTld_xg> <xmx:mtSgXhwNeT3sZuTPlBFJAyXWXbHEDLDJQSCyMKY5EUkrhqEOTqJi_g> <xmx:mtSgXmftwsqy7jXGDAiuDs6H63pQbVRSISWq9AhEQ4J75Eig4ddyMg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E6E66180091; Wed, 22 Apr 2020 19:34:49 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-351-g9981f4f-fmstable-20200421v1
Mime-Version: 1.0
Message-Id: <d4e4918e-3dc9-47c1-88e6-ca439f5e85b4@www.fastmail.com>
In-Reply-To: <AM6PR08MB33187063CE8ED77847600C709BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>
References: <AM6PR08MB33187063CE8ED77847600C709BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>
Date: Wed, 22 Apr 2020 16:34:29 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JeWuEudI09U-veBgqCJyapyr0S8>
Subject: Re: [TLS] On the two types of ACKs in DTLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2020 23:34:53 -0000
Hi Hanno, I believe this (now merged) PR addresses your concerns: https://github.com/tlswg/dtls13-spec/pull/140 Best, Chris On Fri, Apr 3, 2020, at 5:08 AM, Hanno Becker wrote: > Hi all, > > I am aware that we're late into the standardization of DTLS 1.3, and > likely too late for any intrusive change, but I'd still like to share > another comment on the proposed ACKing scheme and its implication on > complexity of migration from DTLS 1.2 to DTLS 1.3, in addition to the > aspect discussed earlier regarding handshake-level vs. record-level ACKs > (https://mailarchive.ietf.org/arch/msg/tls/O0pghTnz_8q1AiHSeMSzxZg30RM/) > > As it stands, there are two quite different kinds of ACKs sharing > the same wire-format: > > 1. ACKs as 'retransmission requests' > > Consider the following two excerpts from the draft: > > A: > "When an implementation receives a partial flight, it SHOULD generate > an ACK that covers the messages from that flight which it has > received so far." > > B: > "Upon receipt > of an ACK for only some messages from a flight, an implementation > SHOULD retransmit the remaining messages or fragments." > > This means that ACKs should be sent only on signs of disruption, > and that receivers of partial ACKs are supposed to immediately > retransmit. > > In particular, this precludes recurring use of ACKs where an ACK > is generated for each message as it comes in and is processed: > Indeed, implementations behaving this way would trigger multiple > retransmissions on the peer, provided the peer obeys (B), even > if there's not a single packet-loss or reordering occurring. > > In this sense, the above ACKs are 'negative' and should not be > seen at all during a disruption-free handshake. > > Note, also, that handshakes will continue to progress if this > kind of ACKs is entirely ignored, which amounts to falling back > to how DTLS 1.2 handles retransmissions, purely on the basis > of timeouts and implicit acknowledgement. > > 2. ACKs as 'acknowledgement of completion' > > In contrast to the previous kind of ACK, those ACKs are 'positive' > in that they indicate completion of a handshake, and they are > mandatory in that a handshake will not complete unless they are > used. In particular, an implementation MUST support those kinds > of ACKs. > > At the moment, both kinds of ACKs are handled in the same way on the wire, > and in order to even distinguish them an implementation has to maintain > accurate knowledge of the sequence numbers of records it has sent. > > In particular, even if implementations decide to not make use of > type-1 ACKs -- that is, retransmission requests -- it doesn't buy > them anything in terms of code-size and simplicity, because they > still have to implement type-2 ACKs, and detecting those requires > implementing record sequence number bookkeeping. > > I believe that this will harden migration of DTLS 1.2 stacks to DTLS 1.3, > because it makes the minimal difference between a compliant DTLS 1.3 > implementation and a pair of "DTLS 1.2 + TLS 1.3 logic" quite large. > > In contrast, if retransmission requests and completion-ACKs were treated > differently, and in particular easily distinguishable on the wire, then > migration from a pair of DTLS 1.2 + TLS 1.3 stack to a minimal compliant > DTLS 1.3 would only require implementing 'completion-ACKs', which, since > they convey only a single bit of information, can in principle have a > much simpler wire-format than what we have for ACKs today. > > I would be interested in comments from implementors, esp. for stacks > targeting embedded / constrained environments. > > Cheers, > Hanno > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy > the information in any medium. Thank you. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] On the two types of ACKs in DTLS 1.3 Hanno Becker
- Re: [TLS] On the two types of ACKs in DTLS 1.3 Christopher Wood
- Re: [TLS] On the two types of ACKs in DTLS 1.3 Hanno Becker