IETF Logo Mail Archive

Re: [TLS] Efficiency of ACKing scheme

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 09 April 2020 15:09 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18E3A3A0959 for <tls@ietfa.amsl.com>; Thu, 9 Apr 2020 08:09:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=u8VbDkVq; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=u8VbDkVq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RsIqxJoO9WlR for <tls@ietfa.amsl.com>; Thu, 9 Apr 2020 08:09:47 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2050.outbound.protection.outlook.com [40.107.22.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C2C13A0957 for <tls@ietf.org>; Thu, 9 Apr 2020 08:09:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BGwIkY0x9yrDmZ5HDwXkGHUKqOvqcV2nOL1qcHq7bdk=; b=u8VbDkVqnWSk1x5ZE3yCkyqNlBqyTnEFg2rqmYGNn2WNYZcj+1hoShom9y/fNG0iItzH5f4JigLFwkkSruEnXEWtY0hqIkTXCQcmYSdeGqWuG389u7pcIspOLw/TVPhmb7+JOTfM9rB6w1W8xFgMtiqbUdemF9aVmoNmVMvPCGY=
Received: from AM7PR02CA0008.eurprd02.prod.outlook.com (2603:10a6:20b:100::18) by VI1PR08MB2958.eurprd08.prod.outlook.com (2603:10a6:803:3d::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.19; Thu, 9 Apr 2020 15:09:43 +0000
Received: from AM5EUR03FT043.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:100:cafe::f8) by AM7PR02CA0008.outlook.office365.com (2603:10a6:20b:100::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Thu, 9 Apr 2020 15:09:43 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT043.mail.protection.outlook.com (10.152.17.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Thu, 9 Apr 2020 15:09:43 +0000
Received: ("Tessian outbound 4b84da486446:v50"); Thu, 09 Apr 2020 15:09:43 +0000
X-CR-MTA-TID: 64aa7808
Received: from c34be9d582a1.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id A680C6FC-6DEA-422A-A18B-A1D4197665AF.1; Thu, 09 Apr 2020 15:09:38 +0000
Received: from EUR01-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id c34be9d582a1.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 09 Apr 2020 15:09:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gyzzK75jOTInB1iId2flaMRNFnfSkMBI8p0nRhfwwWEzNsUlGGdqFP2uJNq2sW6YcMeai0fogKEi9yd00A0AAol+5ZTNtKX8tUm7P3kmyld2t8xrqYhI6pAbjnUtvoQXD3SyqzuxunXEyH/3zlOGfofa2L69lYqsKSUxZwr2UTFSSfQOw33OI3vrLcm/T5tIQzUT41dIEzRzMEB3VcwS+4iHTL3wTpy9M+vKedpaLIITKXbBVrUHB1pslV6wjItLq8CskfxgxFwTu8ty0l+0UMXq3UHZxFHDcLaje1nqv9s2ODSqD2LMWuvwjXaJx9CSUf6WnUdGta6CDoJ1Ez02BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BGwIkY0x9yrDmZ5HDwXkGHUKqOvqcV2nOL1qcHq7bdk=; b=nCi8cqOsVICbh2Ap6v1IX3jOGOiUwcheWHNjv4+P5+7m7BuxvUIHZnT/BgHUrt+H8bDTK9XeZkPKT+RpDUjSZ0WZin+QNPXRSxexOXlXdVcqTHJ8Ujjq1KRkNuLa9Fp3zYocDCauLTv49AXv3uhU4fODIIuir8iL6CjCj2HLmwDhre1KghXpCrCMRytaiThY9v+1WupAYk4gv7XJGNulCvkGLqZBuOIO3pdfVWeGv3Z5DZDddqe5XnbWJK764rGl9bf6rQN0b7vMI4aATMRXdNWZdHwF4/wX36TBHJM9q+a6MxMGg11zZLZWUNcNP2EAV2ELl+BtHLWWyNHN5zikmw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BGwIkY0x9yrDmZ5HDwXkGHUKqOvqcV2nOL1qcHq7bdk=; b=u8VbDkVqnWSk1x5ZE3yCkyqNlBqyTnEFg2rqmYGNn2WNYZcj+1hoShom9y/fNG0iItzH5f4JigLFwkkSruEnXEWtY0hqIkTXCQcmYSdeGqWuG389u7pcIspOLw/TVPhmb7+JOTfM9rB6w1W8xFgMtiqbUdemF9aVmoNmVMvPCGY=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB4130.eurprd08.prod.outlook.com (2603:10a6:208:132::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15; Thu, 9 Apr 2020 15:09:37 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612%5]) with mapi id 15.20.2878.022; Thu, 9 Apr 2020 15:09:37 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, Thomas Fossati <Thomas.Fossati@arm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Efficiency of ACKing scheme
Thread-Index: AQHWCdUmcw6BnTFxZ0GrZHianQcZlahnnDQQgAO7OoCAAKsoAP//86kAgAAdq4D///6F3YAAREwAgAD0k7KAA3V2gIAADseAgAAbtwD///RFgAACd9OA///wuAD///bb0A==
Date: Thu, 09 Apr 2020 15:09:37 +0000
Message-ID: <AM0PR08MB37166F4946EE1A27499AD1E8FAC10@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM6PR08MB331820C710440F07055382739BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <AM6PR08MB331832C84A0E5D04AA5612A99BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <8fed27dc-f5eb-4104-8308-186c361781bc@www.fastmail.com> <6EC8987C-A1E0-454F-AF09-A43260EB2B56@arm.com> <CAChr6Sx96KBLS+VYFo7DdybraBo7ubz7ojp0fR3XjFcuGWB-2A@mail.gmail.com> <03849701-1A14-4E1A-8298-D483E74E380C@arm.com> <AM6PR08MB3318181A1F2C5B19E9392F849BC20@AM6PR08MB3318.eurprd08.prod.outlook.com> <EAB4DCDE-78B4-4B0F-B243-429C3590923D@arm.com> <AM6PR08MB3318F770AD9A53CC0C9F88FA9BC30@AM6PR08MB3318.eurprd08.prod.outlook.com> <FFC3507B-5253-4525-A7A4-D9D45422FC69@arm.com> <CABcZeBOd44CL-8kjwntS9fMg9NgzpgXhkXNi6Lsc70BwAqaxwQ@mail.gmail.com> <337B9506-31F3-463C-B447-FEFBEFEC32A7@arm.com> <CABcZeBN=jsr-WJnbxNao+jLneEGz8waTkGerHqexKVekBV-aug@mail.gmail.com> <5744AFC1-D9B5-421E-893B-949ACA76C51D@arm.com> <CABcZeBPdDeqF1SxZZ7nsvpyqejHnDqpV=9b3KmMn_eB4gFR=Lg@mail.gmail.com>
In-Reply-To: <CABcZeBPdDeqF1SxZZ7nsvpyqejHnDqpV=9b3KmMn_eB4gFR=Lg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: a09488af-6381-4821-91f8-0fc6de131954.1
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.115.119]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: af6b052f-4d50-47f3-40ae-08d7dc9808c1
x-ms-traffictypediagnostic: AM0PR08MB4130:|AM0PR08MB4130:|VI1PR08MB2958:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <VI1PR08MB2958651D6CB922B858781CC9FAC10@VI1PR08MB2958.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 0368E78B5B
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(136003)(396003)(39860400002)(376002)(346002)(366004)(7696005)(6506007)(53546011)(66476007)(66946007)(316002)(66556008)(81156014)(9686003)(8936002)(4326008)(110136005)(86362001)(71200400001)(66446008)(64756008)(6636002)(33656002)(76116006)(966005)(26005)(81166007)(478600001)(186003)(2906002)(52536014)(55016002)(5660300002)(8676002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: yDQb0e2hXBP6y3Jf41bb3MrdS6+7RKVYMadPchJN+6XrWMOLKpfl9oGTVvEj6qCOSOnHV64l2GtBPf6KnMYFs/b7sNx7hmnBdtkA34ETf+qj7bTQxrGwMLbHZxd45dwubMS0hNjboiIjgvi1AOScEJghqSGnbUXa02/BoaBTgS66gb99GaFf5KKdHZRXKzpeoXI0G0TmRI1+j+801drkLpix0iBdIBu0LSGEdigtdmodfmH+o16ZMiIy3xsNlF183kr+RV7ctqSi0+XBq8oOcsCzXJTS+br9ZJkltiUL3fiOCMWgkkC0ZOnK44Mi1PMOjjndk1Rc7OA8upGRzbSIo05tfcl/mC7SnZpCYl4ucEkqjZQx+crUN9z/+1gW+RSuzyETc8BsI1RCCvong6q4JP5BNwV+zzoN0mKh/RIlTeJsRa5VqD0AOCptxIAxhu+0WHnuwvHVyIcrTrltT6LCrp8s4xBhe6OOGWR3bqvWTWuAhqsTux6+jdKEmZndXz+uTTJYK8STKlCkG13vgyV/VA==
x-ms-exchange-antispam-messagedata: Y3LzYoHRaDXzXQK2vwliiTNith5e2FftKMDfKG2Z6opwSEJUtQa0gGHrz0y3dHDK6gx90m6GUpqviwe/IJlCU+/wgtynMGiAYQWJajnn+NPx8TLs0HYHfZ+ub7zeTq2i/AZh8skAfRMsFzVvM42XNA==
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB37166F4946EE1A27499AD1E8FAC10AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4130
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT043.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(396003)(136003)(346002)(376002)(46966005)(6506007)(316002)(478600001)(36906005)(110136005)(47076004)(82740400003)(26826003)(81166007)(33964004)(52536014)(5660300002)(70206006)(70586007)(966005)(26005)(86362001)(8936002)(4326008)(336012)(55016002)(53546011)(186003)(9686003)(6636002)(33656002)(356004)(7696005)(8676002)(81156014)(2906002); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 8f4de4c1-a9af-4b95-adc0-08d7dc98051e
X-Forefront-PRVS: 0368E78B5B
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: jXq6A4D/3poAUmtooz5/i8HKvsVOu7UzPr8oeCCUowg4ypbEKFGKs9dB/rlDX5hPivYRrdLG9kqGeKFHzUeCUalRlGmSQpnFr5Twm89NmZz40CtCFOniSDUS1uI24zxwNUK6JHZVt/gCKgdVX6vsW6SCX5Pl0aSN130NKQGZCG602keCiGjwWrUn0K1vIDE1KKXtS0inQdPhtrgqzoZ6oAFOCt026/ZmfX+/20mk/yVlPPNuTbRhuYTfK8ltlwWOJfS+ICn/gKIV7+RKKDVytCjrTrz1nzeul3v57j0YguFc/xsvsI0XL/8TPQAIDEFnENUppyMvUVaWf5Gn73xDaeh+B1/oEXkK6bAujvJ/JDO5bHmvuHkwdbuM9UKcMQY9HJ9kszm64avOQJ6/qXuccsxcmIMx6eKDWwhX1b0xz/0I2SZNa4pyamGJfs48nEsQzMF7O+XJF/B/JNHGf26GhMeuMaXBUDiS1HVgmcD2Ti1oEjWo0IVLjDbDzpa3M2ofn6I8TbtK4VzZqBD/Lv9ss/50hRMD4uUyLLqraWcZEIZj1rdLtWwG55YHskWCoTpU1VAJ+HglELgC2Exwd26s2Q==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Apr 2020 15:09:43.5456 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: af6b052f-4d50-47f3-40ae-08d7dc9808c1
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB2958
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/33yrDIdmkeTvEZ7FGqyYtT81ZuE>
Subject: Re: [TLS] Efficiency of ACKing scheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2020 15:09:50 -0000

Hi Thomas, Hi Ekr,

It seems we need to fix Figure 11 of Section 7.1 of
https://www.ietf.org/id/draft-ietf-tls-dtls13-37.html<https://www.ietf.org/id/draft-ietf-tls-dtls13-37.html#section-7.1>
(ACK[1] should actually be ACK[])

It should follow the “empty ACK” description of the last paragraph of the same section.

Good catch!

Ciao
Hannes

From: TLS <tls-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Thursday, April 9, 2020 4:33 PM
To: Thomas Fossati <Thomas.Fossati@arm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Efficiency of ACKing scheme



On Thu, Apr 9, 2020 at 7:28 AM Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> wrote:
On 09/04/2020, 15:18, "Eric Rescorla" <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
> > On Thu, Apr 9, 2020 at 6:59 AM Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> wrote:
> > On 09/04/2020, 14:20, "Eric Rescorla" <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
> > > Assuming I understand Hanno's proposal, I do not believe that this
> > > is in fact an improvement, as it does not cover the important case
> > > where the record containing the SH is lost and then the rest of
> > > the messages from the server are uninterpretable.
> >
> > I don't want to speak for Hanno here but the refinement proposed in
> > [1], specifically the bit that says:
> >
> >   [...] They may also proactively retransmit parts of a flight early
> >   if an ACK message indicates a gap.
> >
> > should cover the case you mention I think.
>
> But this requires being able to send an empty ACK that means "I got
> nothing". In which case, I don't see how it's really different from
> the current text except that it gives the sender less guidance.

Not sure there's an "empty ACK" in Hanno's proposal.  This is how I
interpret it in the context of your example: in the second flight, if
rec#0 (containing SH) is lost and rec#1 gets through, the receiver sends
ACK {1}.  From that the sender can infer the gap and retransmit rec#0.

You can't send ACK{1} because you can't  decrypt it because it is out of order with respect to the DH key. This is the point of the empty ACK.

-Ekr



(But again, I'm not him and that's why I suggested collecting all the
pieces of this discussion together in one PR.)

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email