How to recover from loss of 3 Handshake packets without receiving PATH_RESPONSE #1257
Comments
martinthomson
added
editorial
|
The intent, as I understand it, was 3 packets out for every 1 in. Is that the understanding? |
|
Martin's correct, that was the intent. |
|
I think it would be nice to clarify this by explicitly saying that it is per received packet. |
|
Please do so, and make it clear that it's a decryptable packet with a unique packet number (assuming that's correct) |
|
To be maximally correct, I believe it should be per new packet that's received and processed, not just decrypted. |
|
This was addressed in the stream0 design team changes. Don't send more than 3 datagrams without receiving acknowledgments, and any acknowledgment is enough to provide address validation, after which any number is OK (short of limits on congestion control, etc...). Reopen if you think we need more words. |
|
Any acknowledgement? That seems odd, given how easy it would be to forge an acknowledgement of Initial packets with easily-guessed sequence numbers. Clearly receiving anything under Handshake keys verifies actual receipt, though. |
|
Imprecision in my comment only. The text in the draft is clearer. It says any acknowledgment with Handshake keys. |
Draft 10 introduces PATH_CHALLENGE and PATH_RESPONSE, and it imposes a restriction on server that it cannot send more than 3 Handshake packets without receiving a packet from a verified source address. The guidance is include PATH_CHALLENGE in each packets and wait for PATH_RESPONSE from client.
What if all 3 Handshake packets are lost? ACK is also lost, client just keeps re-sending its Initial packet (note that Initial packet cannot include PATH_RESPONSE). Server has sent 3 Handshake packets, so it cannot send any more packets.
The text was updated successfully, but these errors were encountered: