Clarify 1200 bytes Initial packet rule #1987
Comments
|
In an effort to prevent handshake deadlocks due to the amplification factor limiting the number of bytes the server can send, I think it's wise to pad all UDP packets containing a client Initial. I suspect that is why the text is written that way. |
|
This is needed in the following case: The server sends a ServerHello that spans two (INITIAL) packets, one of which is lost, and then starts sending the cert (in HANDSHAKE packets) until it is blocked by the 3x limit. The client will send an ACK for the one INITIAL packet that arrived. |
|
It would be nice to state that it is a requirement for client and not server. |
|
Regarding when to stop padding Initial:
I think that client can stop padding Initial when it has CRYPTO frame to send in Handshake packet. This is because at this time server has nothing to send and client will retransmit Handshake packet thus no dead lock. |
|
With the fix for the Initial injection attack that we discussed in Bangkok, the client won't send any more Initial packet after transitioning to Handshake keys. |
|
Let's roll this up into the changes for dropping Initial keys early. @marten-seemann, I don't see your slides in the quicwg/wg-materials repo, can you create a PR for that? |
|
Done: quicwg/wg-materials#96 |
martinthomson
added
editorial
|
Fixed in a326fec. |
While reading https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#rfc.section.14, one can read that any Initial packet from client and server MUST be padded to at least 1200 bytes.
My understanding is that only client first Initial packet MUST be 1200 bytes. If it is correct, it would be nice to explicitly state that so.
The text was updated successfully, but these errors were encountered: