Re: [TLS] DTLS 1.3 ACKs
Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 24 June 2017 16:47 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05F371243FE for <tls@ietfa.amsl.com>; Sat, 24 Jun 2017 09:47:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ykCDPAjVx8v2 for <tls@ietfa.amsl.com>; Sat, 24 Jun 2017 09:47:54 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 2B88C1200FC for <tls@ietf.org>; Sat, 24 Jun 2017 09:47:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id CF8EC25355; Sat, 24 Jun 2017 19:47:51 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id 6QXwQdyrI8rG; Sat, 24 Jun 2017 19:47:51 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 4BB7E21C; Sat, 24 Jun 2017 19:47:49 +0300 (EEST)
Date: Sat, 24 Jun 2017 19:47:49 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20170624164749.bidmu2btsb6xsdjb@LK-Perkele-VII>
References: <CABcZeBMpDLdrqaa7qEKyFFT8c-Qcodc01zDNqYcxmPp0qvi+pQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABcZeBMpDLdrqaa7qEKyFFT8c-Qcodc01zDNqYcxmPp0qvi+pQ@mail.gmail.com>
User-Agent: NeoMutt/20170306 (1.8.0)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dehrRzMcTxsBageOBGubVceDPdA>
Subject: Re: [TLS] DTLS 1.3 ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Jun 2017 16:47:57 -0000
On Sat, Jun 24, 2017 at 07:57:21AM -0700, Eric Rescorla wrote: > Hi folks, > > https://github.com/tlswg/dtls13-spec/pull/9 > > I have just posted a PR to implement ACKs, largely as we discussed in > Chicago. > Here's the pull comment: > > I have taken a slightly different approach here than we discussed > in Chicago. Specifically: > > - > > ACKs are not handshake messages but a new content type. This > avoids the need to ack ACKs or worry about reassembling > when ACKs are lost. > - > > The receipt of a flight also counts as an implicit ACK and > so you shouldn't ACK full flights. I tried removing this > feature but it leads to weird anomalies where you have > two flights you should be retransmitting if the ACKs get > lost. > - > > ACKs are always encrypted with the then-current key. > - > > I also removed the rule that you don't stop retransmitting > when you receive a partial flight. That was intended to have > fast retransmission for missing messages because the retransmit > of flight A triggered retransmission of partial flight B, but > ACKs serve this purpose > > Comments welcome. I think ACKing a post-handshake CertificateRequest would make sense, if the response can't be generated immediately (e.g., prompting user to select a certificate). It seems ACKs work in terms of RSNs. This generates a weirdness that a fragment can be known with multiple IDs, in case a packet gets delayed enough to trigger retransmission but the original is then accepted. But OTOH, retransmission at fragment granularity is useful with potentially "obese" messages like Certificate. And what is the precise interaction between restarts, 0-RTT and message sequence numbers on client side? As far as I can tell, end_of_early_data is always client message_seq=1, and appears only iff server accepts 0-RTT. Restart client_hello is also always client message_sseq=1. -Ilari
- [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara
- Re: [TLS] DTLS 1.3 ACKs Eric Rescorla
- Re: [TLS] DTLS 1.3 ACKs Ilari Liusvaara