Re: [TLS] On the two types of ACKs in DTLS 1.3

Hanno Becker <Hanno.Becker@arm.com> Thu, 23 April 2020 06:49 UTC

Return-Path: <Hanno.Becker@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B01E3A1587 for <tls@ietfa.amsl.com>; Wed, 22 Apr 2020 23:49:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=bv4q503u; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=bv4q503u
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kAccKNacabQN for <tls@ietfa.amsl.com>; Wed, 22 Apr 2020 23:49:56 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00043.outbound.protection.outlook.com [40.107.0.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D0753A1584 for <tls@ietf.org>; Wed, 22 Apr 2020 23:49:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=29YfAIx+eLefcC6lbZ8EfbHm3Aw3oH841OvtJKqZP+4=; b=bv4q503u1BLTQ9q3vJQnemoBy5qlnzOXOSsuhr0jf1Z5pDQfZMToXHHaiJg5Lv6r8lQbAmrhqmIoIAfDdTpBwEB8UvP4J0saOLgAcK8FnFoC4ciALfwoTWMY2XhDFSpIsq7lfLzYmK+mG/u5g0af87Ul2qX1y1P3m8nBmi8ZfBc=
Received: from AM6P193CA0069.EURP193.PROD.OUTLOOK.COM (2603:10a6:209:8e::46) by AM0PR08MB4180.eurprd08.prod.outlook.com (2603:10a6:208:12d::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Thu, 23 Apr 2020 06:49:52 +0000
Received: from VE1EUR03FT037.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:8e:cafe::bc) by AM6P193CA0069.outlook.office365.com (2603:10a6:209:8e::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13 via Frontend Transport; Thu, 23 Apr 2020 06:49:52 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT037.mail.protection.outlook.com (10.152.19.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.19 via Frontend Transport; Thu, 23 Apr 2020 06:49:52 +0000
Received: ("Tessian outbound 3a3e6dcbad0e:v53"); Thu, 23 Apr 2020 06:49:51 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 6730849d6fef137d
X-CR-MTA-TID: 64aa7808
Received: from af7dabb82c06.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3B505821-00EF-47AE-89EC-870F9C63AA20.1; Thu, 23 Apr 2020 06:49:46 +0000
Received: from EUR01-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id af7dabb82c06.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 23 Apr 2020 06:49:46 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GGsabEx4VB5xmjhTj21AdpYy4CTqjn3j0WXwFJjof8V112xSGvW3MFNToznmfAdL0GZ7YNZz8O2mZ/zpreHJuqoPXNMkOegTBCI482J2vcL48mbI7rLuNLrV+chuo0Qpp8vhJK5o7eGb4GlJXcm0CSngvox96wnusm41r4pqCfCU6VnJb1rZTNiG5e9o8CDg5xZt8BEm3v8GySnonxnVV4LDQWf6iL2U3P5fC8ROG1uhuzAn8Qa1sFkZelQzTCYdf1iy5e+gJrS7Xn24G9nwzmxWXoaQcYSW3lwX9nEedqysiDty/rsSyvqXLv71y5SieHgFqMo+5d6L3rIUYlwaGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=29YfAIx+eLefcC6lbZ8EfbHm3Aw3oH841OvtJKqZP+4=; b=XrxB6Z4SwxmRQLtX2KcPB5/5qhvANtN0nrmVLxFZZxlVXn0dMmAYFuCwhwdJXofbOw1wHu1vLwKaC9eFdHTbAT9sx8oXu/T7sJhg7Zh5PBLhN03h61lW+WMIOhcStmDdyPdLB4GNLe2fUAdDUF0HmJqFRptzD8+YVHliYzrbjDLeoP4OKeR37L6khaCfQi/VclHLGDkIXlPH9Iyxg5XxQuxNYoCxOmum8xiE1ERwL80SZZpSVMrJCS7G+J4vCIE7AVrybOZ21k/13nBsz7kW87DqFswLCqeX9IMhd4KhhmNtcDWmL7QFm92H8runT6H7sXhPH3y7VPBNdTIsb+Cs4w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=29YfAIx+eLefcC6lbZ8EfbHm3Aw3oH841OvtJKqZP+4=; b=bv4q503u1BLTQ9q3vJQnemoBy5qlnzOXOSsuhr0jf1Z5pDQfZMToXHHaiJg5Lv6r8lQbAmrhqmIoIAfDdTpBwEB8UvP4J0saOLgAcK8FnFoC4ciALfwoTWMY2XhDFSpIsq7lfLzYmK+mG/u5g0af87Ul2qX1y1P3m8nBmi8ZfBc=
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com (2603:10a6:209:45::15) by AM6PR08MB4949.eurprd08.prod.outlook.com (2603:10a6:20b:ee::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Thu, 23 Apr 2020 06:49:44 +0000
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d]) by AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d%5]) with mapi id 15.20.2937.012; Thu, 23 Apr 2020 06:49:44 +0000
From: Hanno Becker <Hanno.Becker@arm.com>
To: Christopher Wood <caw@heapingbits.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] On the two types of ACKs in DTLS 1.3
Thread-Index: AQHWCa+c/6zqL3NX202z6YHPiVC69KiF6cOAgAB387Q=
Date: Thu, 23 Apr 2020 06:49:44 +0000
Message-ID: <AM6PR08MB33181AE7A270DBF7AF08BD789BD30@AM6PR08MB3318.eurprd08.prod.outlook.com>
References: <AM6PR08MB33187063CE8ED77847600C709BC70@AM6PR08MB3318.eurprd08.prod.outlook.com>, <d4e4918e-3dc9-47c1-88e6-ca439f5e85b4@www.fastmail.com>
In-Reply-To: <d4e4918e-3dc9-47c1-88e6-ca439f5e85b4@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
x-originating-ip: [86.177.220.146]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 753a8e44-5346-4b63-9307-08d7e7528655
x-ms-traffictypediagnostic: AM6PR08MB4949:|AM0PR08MB4180:
X-Microsoft-Antispam-PRVS: <AM0PR08MB4180CEA7A31FB833E7A858989BD30@AM0PR08MB4180.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 03827AF76E
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3318.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(376002)(346002)(39860400002)(396003)(136003)(86362001)(2906002)(8676002)(76116006)(66446008)(66556008)(66946007)(66476007)(64756008)(71200400001)(52536014)(5660300002)(81156014)(8936002)(966005)(19627405001)(9686003)(6506007)(186003)(26005)(478600001)(7696005)(55016002)(316002)(53546011)(33656002)(110136005); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: picA5+7BedKI+354bfjvtJBuWg8F+BDgxkhtBe04WOGJxlFYfmcL6Z5ZkpX0lumu6cpyq1CZI4MB4FOq/kI/ZH/HWV2r6YlCzCN6qQbzUJUMqtSjWwrT64PPZEoFTxaAXdMd976csDMSTVIAffkt6OGNK4nezlSLRwM+LK++2U39KL/m5Wr24jneMrL1I49dFZIODPoKQkfyFXiU8Z/uBoKYvbckul9rJPPA9/JPTn6gRWOMyJrb4hyAiDRslDqKAWyQIIlqRnBwZ1kJ36ghFe405QEm5AoxNfGPHT9O+kXW3EcqGy6nBrneww+i4II6YvH2JXnhWi9pyakthHNAhltYF8TifZ0ZisRoNHUj2cvp4MSWzeN6g9FjTiUTj243ynARtCthEWTPogOBpLEulxZGuMAvUuuZ7pIXxsIJTn1BTwA+bGuDPSMdzoz8LcS35Zhp0Dz89Rsc2tGzClAH3lC4pgcyAk2rGhzurTbrRDWW1PBCSED8BMobabfTr4dtI6EsZ71oPCRbrrhSKuW1Pg==
x-ms-exchange-antispam-messagedata: ZD7u9wFh7QnodewXO3nKX/ZS8JnswfCpijx6jsZowIh5LaTheBMe63ujgc8QtGwuu+pFptJlIdKZ5ThwpTH+z6lSZzLJHBBfKk4gkMyJfcWUGo7cEVutMwb4C9WLqsmY1olb2Z1WQHPqez2qDeabuQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM6PR08MB33181AE7A270DBF7AF08BD789BD30AM6PR08MB3318eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4949
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT037.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(39860400002)(136003)(396003)(46966005)(82740400003)(316002)(966005)(110136005)(33656002)(478600001)(336012)(9686003)(36906005)(55016002)(186003)(19627405001)(8936002)(81156014)(52536014)(47076004)(70206006)(7696005)(8676002)(70586007)(81166007)(82310400002)(356005)(86362001)(26005)(30864003)(6506007)(5660300002)(2906002)(53546011); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: c3917dc9-dff6-4961-dd1b-08d7e75281cc
X-Forefront-PRVS: 03827AF76E
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: jTmW2laGflTV3RJItSRu1/oSAQ9ztfZm/YFw/nv8jdlhySN+7C5xbI9DgxhSAS0VbEhPjhSs4Z4MpiShk1I6w6rmxZiURFLeRAhZcGm8HkMXZ6jEVFdC+cUgy+IS6GOmTIj+uBrFKSRS2OE2W9xEMgkGIcg4gHUV1Q6xINYAZwp472/P8x5AMAd5bXf6OTfuHs5Jp4r2+n2owt2BnA5qOize6zz7KwZE6DylOvF3vLaTFxDFPoiC2rSowSCCFctUeML7G6r0E53RAK14/zeheeBz+BDKUBNCTjFaKoTzy6OPYDIymBdA+53TCrAC8waoy8d+apw/e/k+M+YfStxYXwm319s7iDxwig2tMMwk/ebdaipO+JGu1BZCAyh5VFteGLA8T/S7NCbDZV9lLoP1q9XhuJj0Qw1AWVlOwscLOotSxK10xp9jNge2z+/45ASA+cbHp2BrAVtRwMUenKVlqrHKGGtpOvbN+1PlMTk1JBuo7Ryj01hdo14zs9k+apIAFY8TB+I+eN4bMzCpz+RLI0fAufqnlQUp8UsPjUww44ofDCvv4rTUKy8q+NliS/j/eyf+iSIhKf4NkhqOmhopEw==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Apr 2020 06:49:52.1924 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 753a8e44-5346-4b63-9307-08d7e7528655
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4180
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YgjbTVTVDQYC9pkrRhSQzXm7vS8>
Subject: Re: [TLS] On the two types of ACKs in DTLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 06:50:00 -0000

Hi Chris,

Thanks for your reply. No, the PR does not address the issue described below,
because it keeps the use of a single kind of ACK for the two different purposes
(a) retransmission requests [optional] and (b) acknowledgement of completion
[mandatory]. However, it clearly describes this double-use of ACKs, which already
is a good thing IMO.

However, as mentioned, given the late stage of standardization, I merely wanted to
have this point raised and perhaps discussed, but didn't expect a change in the end.
Unfortunately, there doesn't seem to be much interest in this, so I think one can put this
to the records.

Cheers,
Hanno
________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Christopher Wood <caw@heapingbits.net>
Sent: Thursday, April 23, 2020 12:34 AM
To: TLS@ietf.org <tls@ietf.org>
Subject: Re: [TLS] On the two types of ACKs in DTLS 1.3

Hi Hanno,

I believe this (now merged) PR addresses your concerns:

   https://github.com/tlswg/dtls13-spec/pull/140

Best,
Chris

On Fri, Apr 3, 2020, at 5:08 AM, Hanno Becker wrote:
>  Hi all,
>
> I am aware that we're late into the standardization of DTLS 1.3, and
> likely too late for any intrusive change, but I'd still like to share
> another comment on the proposed ACKing scheme and its implication on
> complexity of migration from DTLS 1.2 to DTLS 1.3, in addition to the
> aspect discussed earlier regarding handshake-level vs. record-level ACKs
> (https://mailarchive.ietf.org/arch/msg/tls/O0pghTnz_8q1AiHSeMSzxZg30RM/)
>
> As it stands, there are two quite different kinds of ACKs sharing
> the same wire-format:
>
> 1. ACKs as 'retransmission requests'
>
>  Consider the following two excerpts from the draft:
>
>  A:
>  "When an implementation receives a partial flight, it SHOULD generate
>  an ACK that covers the messages from that flight which it has
>  received so far."
>
>  B:
>  "Upon receipt
>  of an ACK for only some messages from a flight, an implementation
>  SHOULD retransmit the remaining messages or fragments."
>
>  This means that ACKs should be sent only on signs of disruption,
>  and that receivers of partial ACKs are supposed to immediately
>  retransmit.
>
>  In particular, this precludes recurring use of ACKs where an ACK
>  is generated for each message as it comes in and is processed:
>  Indeed, implementations behaving this way would trigger multiple
>  retransmissions on the peer, provided the peer obeys (B), even
>  if there's not a single packet-loss or reordering occurring.
>
>  In this sense, the above ACKs are 'negative' and should not be
>  seen at all during a disruption-free handshake.
>
>  Note, also, that handshakes will continue to progress if this
>  kind of ACKs is entirely ignored, which amounts to falling back
>  to how DTLS 1.2 handles retransmissions, purely on the basis
>  of timeouts and implicit acknowledgement.
>
> 2. ACKs as 'acknowledgement of completion'
>
>  In contrast to the previous kind of ACK, those ACKs are 'positive'
>  in that they indicate completion of a handshake, and they are
>  mandatory in that a handshake will not complete unless they are
>  used. In particular, an implementation MUST support those kinds
>  of ACKs.
>
> At the moment, both kinds of ACKs are handled in the same way on the wire,
> and in order to even distinguish them an implementation has to maintain
> accurate knowledge of the sequence numbers of records it has sent.
>
> In particular, even if implementations decide to not make use of
> type-1 ACKs -- that is, retransmission requests -- it doesn't buy
> them anything in terms of code-size and simplicity, because they
> still have to implement type-2 ACKs, and detecting those requires
> implementing record sequence number bookkeeping.
>
> I believe that this will harden migration of DTLS 1.2 stacks to DTLS 1.3,
> because it makes the minimal difference between a compliant DTLS 1.3
> implementation and a pair of "DTLS 1.2 + TLS 1.3 logic" quite large.
>
> In contrast, if retransmission requests and completion-ACKs were treated
> differently, and in particular easily distinguishable on the wire, then
> migration from a pair of DTLS 1.2 + TLS 1.3 stack to a minimal compliant
> DTLS 1.3 would only require implementing 'completion-ACKs', which, since
> they convey only a single bit of information, can in principle have a
> much simpler wire-format than what we have for ACKs today.
>
> I would be interested in comments from implementors, esp. for stacks
> targeting embedded / constrained environments.
>
> Cheers,
> Hanno
>
>  IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy
> the information in any medium. Thank you.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.