Re: [TLS] DTLS 1.3 ACKs
Eric Rescorla <ekr@rtfm.com> Sun, 02 July 2017 21:01 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8578129AB0 for <tls@ietfa.amsl.com>; Sun, 2 Jul 2017 14:01:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22_fcuO_NKc2 for <tls@ietfa.amsl.com>; Sun, 2 Jul 2017 14:01:33 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E880D129AAD for <tls@ietf.org>; Sun, 2 Jul 2017 14:01:32 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id v197so24528859ybv.3 for <tls@ietf.org>; Sun, 02 Jul 2017 14:01:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ciAxYL/eWXETH+c6iPZssLxfeKbhkCT4w76rb2Ok0/0=; b=WcQ0sKSBKXXe+o3Finhxm+LTHlHqoOkAktL37384fkC4CLucOhxv9sr4CI6gnRhmTq 17t0H+S9TZCLvwJSqufCJf9C9hI/59a1yJ9I6YpDW8MDiQfQ732KJg16D/ilgnlDKpeN 26cc7m8U4dfvsDWWzWesy7hnRMaRJhEVHRJSWTE+epMVkejvSx6UFLmo5hlJkN6RZW6Q vSwO3vj6ir3L+JTudmuRLtxwrmFJoqelC9dA0X2nJAIdUpNtNozQWxznRA8pcqswVPfO qHQxDc4ROOs79TrIlZ6bE0wlfmKQuncwiy1Io5Zc0EWXUc8Xd5v4AQbknFGKKqQ4eKOn RwOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ciAxYL/eWXETH+c6iPZssLxfeKbhkCT4w76rb2Ok0/0=; b=RcArjZOTX32cd8yXx7J5DzbuUnlr4NXVRk0o8bv+dJbceg0dsLqOB8KekaxkcL6Hs5 zwG3aOPu0ZHNsZqxKEnTzfckS9lwRSmFbdDAx7knGwYq0kRntFUsk7meUqC9556DARMP TnK+I/8u8DCQUucGezGKc9QYDdsKXW+hzeAdcPKewdjIUiUygk6jxpVKu7Mo0eICGYYG jdsyvUkZUQCHkke0ACBC+cGH6ji/8xYnoOvzoAVW3huNPk6nHXtY+gT8kGjn9+rByjM0 R8o+urPxfR096ZcH2623BjhJuRh26yyl5gPleKqP9CnfXeoN4QXHIqpULQ85CIRPul+r WN/g==
X-Gm-Message-State: AKS2vOy5OYZtN8+sb8E8DZDEzrGaAusrqITm7s/Cj6det3D+3vEfFwPS moGRMOrFK3DrkYNsvH+Pi/JY5cH6uagzYGA=
X-Received: by 10.37.48.67 with SMTP id w64mr25009072ybw.89.1499029291618; Sun, 02 Jul 2017 14:01:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.9 with HTTP; Sun, 2 Jul 2017 14:00:51 -0700 (PDT)
In-Reply-To: <20170702201324.dhfybncpih3neuo6@LK-Perkele-VII>
References: <CABcZeBMpDLdrqaa7qEKyFFT8c-Qcodc01zDNqYcxmPp0qvi+pQ@mail.gmail.com> <20170624164749.bidmu2btsb6xsdjb@LK-Perkele-VII> <CABcZeBNkNUkgm9mrptgKO_+pkk2i9usYdGbmsFH762PhcVtFRw@mail.gmail.com> <20170701170103.htwyfrheq52pmm6l@LK-Perkele-VII> <CABcZeBMA3dUGKrk_V9EfYH1OtoD_JP+gTr8vf2+yq5Yaa-96vg@mail.gmail.com> <20170701210000.ppewrje6jcpy5w2b@LK-Perkele-VII> <CABcZeBNMwtExuep34WFp5r9phd94u7j_DvQdfeE3ha5TC0+7iQ@mail.gmail.com> <20170702075416.7ozflgnxdo5k7gcd@LK-Perkele-VII> <CABcZeBNiW_8s2XNXv3Zgk1bpq7fKwXVDUdbs+b=UXKx3DL00_Q@mail.gmail.com> <20170702201324.dhfybncpih3neuo6@LK-Perkele-VII>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 02 Jul 2017 14:00:51 -0700
Message-ID: <CABcZeBOuqJfQXJpHCVzkQrttQDcF6Xq6Q1QyBm52kDJpAArdAg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114899c46f6f4205535bf40e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ry9lYTCiQxMGe2Y5noYMWwM5YUo>
Subject: Re: [TLS] DTLS 1.3 ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jul 2017 21:01:35 -0000
On Sun, Jul 2, 2017 at 1:13 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > On Sun, Jul 02, 2017 at 12:30:09PM -0700, Eric Rescorla wrote: > > On Sun, Jul 2, 2017 at 12:54 AM, Ilari Liusvaara < > ilariliusvaara@welho.com> > > wrote: > > > > > Suppose that certificate is rather big (needs spliting to four parts), > > > and: > > > > > > > > > * The server preprares its flight, giving: > > > > > > - RSN 2:0 -> EncryptedExtensions, Certificate part 1/4 > > > - RSN 2:1 -> Certificate part 2/4 > > > - RSN 2:2 -> Certificate part 3/4 > > > - RSN 2:3 -> Certificate part 4/4, CertificateVerify, Finished. > > > > > > * Now, RSNs 2:1, 2:3 disappear, 2:0 and 2:2 make it through. > > > > > > * Client ACKs RSNs 2:0 and 2:2. > > > > > > * Server sees the ACK, and re-encrypts the offending packets: > > > > > > - RSN 2:4 -> Certificate part 2/4 > > > - RSN 2:5 -> Certificate part 4/4, CertificateVerify, Finished. > > > > > > * Now, RSN 2:4 disappears, 2:5 makes it through. > > > > > > * Client is one-message at a time. It can't ACK anything new. RSNs 2:1, > > > 2:3 and 2:4 are lost. RSN 2:5 can not be ACKed, because that would > > > imply the client received CV and F, which it did not. > > > > > > > > Thanks for clarifying your case. I think what you're assuming here is > > that when the client receives out of order handshake messages, it > discards > > them rather than buffering them. Is that correct? > > Yes, that is what one message at a time means. > Well it could mean other things. That's why I asked. > In that case, yes, it > > should pretend it didn't get the records as well, and I think the right > > answer would be to not generate a new ACK and rely on the server's > > retransmission timer (which needs to run anyway). > > One thing to note that there is no way for either side to say: "I > received _something_, but nothing useful". Well, we could in fact use an ACK for that, which is basically what TCP does. There can also be interactions with giving up on fragment transmissions > (in order to limit memory usage). > > Suppose similar case as before, but 2:1 gets lost instead of disappearing, > and is found after 2:5 is received by the client. > > The client will then generate second ACK, which ACKs 2:1. The server then > receives the ACK and has no idea what the client is talking about, since > server has dropped the state. But presumably fast-retransmits 2:4 and 2:5, > now as 2:6 and 2:7 (3rd transmission for both). > It's not clear to me it's useful for implementations to delete state in this case. -Ekr > > > -Ilari >
- [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara