[TLS] [DTLS1.3]About the retransmission of Handshake records

Xuan k <kxuanobj@gmail.com> Wed, 27 November 2019 05:07 UTC

Return-Path: <kxuanobj@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3732120B60 for <tls@ietfa.amsl.com>; Tue, 26 Nov 2019 21:07:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8AAy73w1_C2 for <tls@ietfa.amsl.com>; Tue, 26 Nov 2019 21:07:20 -0800 (PST)
Received: from mail-vk1-xa30.google.com (mail-vk1-xa30.google.com [IPv6:2607:f8b0:4864:20::a30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20415120827 for <tls@ietf.org>; Tue, 26 Nov 2019 21:07:20 -0800 (PST)
Received: by mail-vk1-xa30.google.com with SMTP id b64so5119712vkg.0 for <tls@ietf.org>; Tue, 26 Nov 2019 21:07:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ayqav6VHpLykJHhZWpaH+QdK92b29GOpwKS7agPkdYM=; b=sr7i4y9vj5g9ANtvDxaED/BHVH5dTBz8RjIgYZsoHy6uMEDSv6nyFcf2RjoUHVAiR0 pTlN0aEuKokVdFJGvBrqgI3mS5tHOp3TiWdD0L00V7lJQUud7opZvaev08iImo3qjBJb cxBQJQQ7c+pKQIMqi5ThD5LRBkRM39Xh++OMwLJ3/UuxWr68DK49ZMwE9KcRAm0fAxgh SQ73/DWXsiCnUlnyc+hMYJCIT8SJuFP8E2VCHQNlOjl62Re+a1+mwnoPjp13D1TbFfqD 65PEsYCUon/6l5BNuI035TJifoyo7QNlv3GWBky8B9Km17InV/1wT4R/DShikOG9Wv1j ZbyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ayqav6VHpLykJHhZWpaH+QdK92b29GOpwKS7agPkdYM=; b=DDio64ZkXGEN3DHhgn7+OBl41SAvLNWrcmSAFM2RgRs5eXLn21kF2d439W1FVxoCFh 1LiKyPPzdAnQLqW/D/YB38QaoORDNYjxeNgtk+JiSESnLAH4gNEkzPeMAWkxDK6FriAF /+u5svqLMYyPN6fFtYj9o0G2PYH8oI3bxLaaPuUUAvqo82A8PM72OCnNn8w/uqENYNzb ngdqfz+JeFa5r42/vOF+qpVByXPfmtS7hjFvDPTXOHjA/bRQirk+yqseetICHt+icfan 3sPNcm14xZQ5eTW6TkjmAvj9DradZn9q/eymzSnXvn+Hs8uRlxpjBEh7Zg6ZglnXcBGo Q6bA==
X-Gm-Message-State: APjAAAWJKVEtYM2m759t6pzg+Nh4K6jgyhBuMj9zjsk1nhgmylHy9fU7 g51U4XP34YULM4KcXMJRSV8gIlFcuwZD3HEln/VSIofY1is=
X-Google-Smtp-Source: APXvYqxXfTR+hCGT9DqaHIW2lYqrBjm5EynEXbSOUOUufxevjtqNO/5t8v7DjP7lizMhaRPuU3G0Sm+1pGyQjO3W9Rg=
X-Received: by 2002:a05:6122:1181:: with SMTP id x1mr1536250vkn.25.1574831238843; Tue, 26 Nov 2019 21:07:18 -0800 (PST)
MIME-Version: 1.0
From: Xuan k <kxuanobj@gmail.com>
Date: Wed, 27 Nov 2019 13:06:42 +0800
Message-ID: <CAAnY7J27g1Df0XBe1U66z98ThQgRaom1YBF9k2UGTi4YL9i+Ng@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009290e505984cf828"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TYi4kquGOQO_pW7ba7btuzO5q3A>
Subject: [TLS] [DTLS1.3]About the retransmission of Handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2019 06:05:06 -0000

Hi all,

I'm trying to implement a DTLS1.3 library for embedded devices. But It
seems something weird about retransmissions and ACKs.

In the section "5.2. DTLS Handshake Message Format":

   The first message each side transmits in each association always has
   message_seq = 0.  Whenever a new message is generated, the
   message_seq value is incremented by one.  When a message is
   retransmitted, the old *message_seq value is re-used*, i.e., not
   incremented.  From the perspective of the DTLS record layer, the
   retransmission is a new record.  This record will have a *new*
*   DTLSPlaintext.sequence_number* value.


In the section "7. ACK Message", the ACK message use the record_numbers
(corresponds to *DTLSPlaintext.sequence_number*).

For my understanding, the "message_seq" belongs to "Handshake" and the
"sequence_number" or "record_numbers" belongs to
record layer.

The retransmission detection is done by "Handshake" using "message_seq",
but the "acknowledge" is done by "record layer" using "record_numbers".
It is so weird.

The retransmission, retransmission detection and acknowledge should be done
in handshake process, but we need the record layer passing the
record_numebrs to the handshake process.

Since a new "sequence_number" is used for retransmission, we have to
maintain a "record_numbers" to "message_seq" map with dynamic size.
Each retransmission attempt creates a new relationship between a new
"record_numbers" to an old "message_seq".

Since ACK is only used with Handshake messages, is it possible that we use
"message_seq" in ACK messages?
Or we use *old* "sequence_number" for retransmission, so we do not need
maintain the dynamic map. And if replay detection is implemented, the
retransmitted
record can be dropped by record layer (by replay detection), the "Handshake
Protocol" do not need to do retransmission detection.

Thanks
Zhai Zhaoxuan