Allow CONNECTION_CLOSE in 0-RTT #3435
Comments
|
IIRC, the rationale behind forbidding use of CONNECTION_CLOSE in a 0-RTT packet was that the client should send CONNECTION_CLOSE in an Initial or Handshake packet. I am fine with allowing use of CONNECTION_CLOSE in 0-RTT, as long as that advice is kept (or stated). |
|
After sending CONNECTION_CLOSE, the client is supposed to enter the closing state and stops responding other than to repeat the connection close. However, the server might reject 0-RTT, in which case the server doesn't know the connection has been closed. I see the principle for including it, but I agree with @kazuho that we should advise clients that it's kinder to send the CONNECTION_CLOSE at other encryption levels as well / instead to ensure the server can read it. |
|
There's already text about sending connection close in the highest encryption level the sender knows the peer can process. When 0-RTT is sent, the client doesn't know whether the server can process the packets. See text starting with I think the existing text advises clients not do this, but making it illegal is silly. |
This allows us to avoid treating 0-RTT specially more generally. The advice on where to send CONNECTION_CLOSE seems ornate, but it reduces to "send CONNECTION_CLOSE in every space you have keys for". Closes #3435.
|
The testing of that feature is going to be interesting. Besides the case of servers that just don't negotiate 0-RTT because they don't feel like it today, there is also the case of 0-RTT packets being lost. The loss is not guaranteed to be detected before the TLS handshake complete. A bad faith server could just ignore any 0-RTT packet that carries a connection close request, and do as if it was not received. I get the desire of treating 0-RTT just like 1-RTT, but the number of corner cases is going to be fun. |
|
Let's be clear: we have a problem of this shape already. A server can sent CONNECTION_CLOSE prior to confirming that the client has the keys necessary to interpret it. It might even have good cause to do so. Ignoring signals is always possible; these signals exist largely as a courtesy, so that endpoints don't dedicate resources to connections their peer no longer wants. |
|
To add to what @martinthomson has pointed out, the server possibly ignoring frames contained in 0-RTT packet is not limited to CONNECTION_CLOSE. While I have a mixed feeling about allowing most if not all 1-RTT frames in 0-RTT too, it is my understanding that that has been the principle we have agreed. I would very much prefer applying the principle everywhere rather than making decisions on a case-by-case basis. |
larseggert
added
the
design
larseggert
added
the
proposal-ready
project-bot
bot
moved this from Design Issues
to Consensus Emerging
in Late Stage Processing
LPardue
added
call-issued
project-bot
bot
moved this from Consensus Emerging
to Consensus Call issued
in Late Stage Processing
LPardue
added
has-consensus
project-bot
bot
moved this from Consensus Call issued
to Consensus Declared
in Late Stage Processing
The exception for CONNECTION_CLOSE in 0-RTT is just odd. We currently exclude things from 0-RTT only because they are impossible.
As @marten-seemann says, "feel free to send me a PROTOCOL_VIOLATION when I send CONNECTION_CLOSE in 0-RTT".
The text was updated successfully, but these errors were encountered: