Re: [TLS] [DTLS1.3]About the retransmission of Handshake records

Eric Rescorla <ekr@rtfm.com> Wed, 27 November 2019 21:37 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A98D6120AC1 for <tls@ietfa.amsl.com>; Wed, 27 Nov 2019 13:37:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MZKjse8QtZ0N for <tls@ietfa.amsl.com>; Wed, 27 Nov 2019 13:37:50 -0800 (PST)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31DA51209E3 for <tls@ietf.org>; Wed, 27 Nov 2019 13:37:50 -0800 (PST)
Received: by mail-lj1-x234.google.com with SMTP id d5so26105735ljl.4 for <tls@ietf.org>; Wed, 27 Nov 2019 13:37:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hQOGlchDPccE9g9J3xWgfxZzttllpUu0S70IYu6g3qY=; b=QTiuZ0TLiRpjymUkLJu2eywUf8wQdKFRRI9bgmNJnr8Bxf23V/qtfL8VWOuJlxTtQ7 O/3xDnYXkIGu/zICYPnW1ZJWyuT9cxysNg8Dq4HmbJoJiolyqg8G/pTgXO8Nckz0GHdh SEMvLysm5vuEK+Zh86cdVRL3ZZYqcfQEDl9oTrm6s+f5eE0A3yoLK/gTqtHkU4IlnSl7 hSnj0ohRbCLl4vxN7ssJBom56u18XI5qNU6vpOwlG6t9RsjQcZ3mGqlXll9FK98e3k3q JKG0Ek+griozWKbhIlu25/UN0iWDpA5XyL7+6mzFDhso58r5QurEWNnnsJ95qVX2TOnV Z+aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hQOGlchDPccE9g9J3xWgfxZzttllpUu0S70IYu6g3qY=; b=oCihXCqHNajtQC9zPdQ/bAm2NFK2sbO2sexODHO+xJFGKiW4Zb+mjdmhia1pCCK/rY 3675hZCxumo1HG2Zd30o1lu2fNdDdSDrd/x626k1wmVvxxJIYgZpsqRWJ/lNjbMF4Hi+ +bRl6v6gx+FmzljIsHU9tMcVQutKhEpad3CQxIKxNJvwx6XEEmOjK/X6/3DUPlZyBG9X uXaNs1RykIhoqIZvqqURKQtUNdkvo0QS9xIaxywcQabrDFIE7vkjkQ/4911MPF9j+PIK bdO1s3UDvCV01cC60O3vJW45/atBJBwKwgY00jXnlpTq3lEIp8dX58sDcFvkA2+Vufah NFZw==
X-Gm-Message-State: APjAAAUOJvZte6+pNtqRjwWzeCRJqelE+B+q0E6ms+0OM5Q3ooN1vpxB U0pj8I/T+17WsifK3tonYUahtswG0NqLyZ/ZwsA0gQ==
X-Google-Smtp-Source: APXvYqzReae0e+BmA5S59DnJ01yJ7r9lUHganWghu3Aw8TgIBimNIj18LRLFBy80CyeVaTx58gRTeD/rs1/Fxv4SYn0=
X-Received: by 2002:a2e:9842:: with SMTP id e2mr31939623ljj.93.1574890668453; Wed, 27 Nov 2019 13:37:48 -0800 (PST)
MIME-Version: 1.0
References: <CAAnY7J27g1Df0XBe1U66z98ThQgRaom1YBF9k2UGTi4YL9i+Ng@mail.gmail.com>
In-Reply-To: <CAAnY7J27g1Df0XBe1U66z98ThQgRaom1YBF9k2UGTi4YL9i+Ng@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 27 Nov 2019 13:37:12 -0800
Message-ID: <CABcZeBOuJ3bOKOt6vFRJzOZbwkXzZK0jUJNyAxeAmkpxQJCzzA@mail.gmail.com>
To: Xuan k <kxuanobj@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000da89c205985ace63"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zTNA8OPLeVA9P-Xy-8921aGAa1M>
Subject: Re: [TLS] [DTLS1.3]About the retransmission of Handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2019 21:37:53 -0000

On Tue, Nov 26, 2019 at 10:05 PM Xuan k <kxuanobj@gmail.com>; wrote:

> Hi all,
>
> I'm trying to implement a DTLS1.3 library for embedded devices. But It
> seems something weird about retransmissions and ACKs.
>
> In the section "5.2. DTLS Handshake Message Format":
>
>    The first message each side transmits in each association always has
>    message_seq = 0.  Whenever a new message is generated, the
>    message_seq value is incremented by one.  When a message is
>    retransmitted, the old *message_seq value is re-used*, i.e., not
>    incremented.  From the perspective of the DTLS record layer, the
>    retransmission is a new record.  This record will have a *new*
> *   DTLSPlaintext.sequence_number* value.
>
>
> In the section "7. ACK Message", the ACK message use the record_numbers
> (corresponds to *DTLSPlaintext.sequence_number*).
>
> For my understanding, the "message_seq" belongs to "Handshake" and the
> "sequence_number" or "record_numbers" belongs to
> record layer.
>

Yes.

The retransmission detection is done by "Handshake" using "message_seq",
> but the "acknowledge" is done by "record layer" using "record_numbers".
> It is so weird.
>

Hmm... I don't think that this is particularly weird. This is, for
instance, how QUIC stream acknowledgement and retransmission works.


The retransmission, retransmission detection and acknowledge should be done
> in handshake process, but we need the record layer passing the
> record_numebrs to the handshake process.
>
> Since a new "sequence_number" is used for retransmission, we have to
> maintain a "record_numbers" to "message_seq" map with dynamic size.
> Each retransmission attempt creates a new relationship between a new
> "record_numbers" to an old "message_seq".
>

Yes, that's how it works in NSS.


Since ACK is only used with Handshake messages, is it possible that we use
> "message_seq" in ACK messages?
>
Or we use *old* "sequence_number" for retransmission,
>

Both of these give you strictly less information about the network. One of
the cool innovations in QUIC is to label each packet separately so you can
determine whether an ACK is an ACK of the original packet or a retransmit.
We are trying to inherit tha there

-Ekr

so we do not need maintain the dynamic map. And if replay detection is
> implemented, the retransmitted
> record can be dropped by record layer (by replay detection), the
> "Handshake Protocol" do not need to do retransmission detection.
>
> Thanks
> Zhai Zhaoxuan
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>