PMTUD (ICMP variant)

[martinduke]

Here is an alternate solution to he PMTUD section as discussed in Issue #64
#64

I think it is much cleaner and clearer about what to do. It assumes that ICMP black holes are not a huge problem in the internet, and that no one is using a UDP socket API that prevents them from stopping various noncompliant behaviors. I much prefer this version, although some may find it too restrictive.

[martinthomson]

Rather than log this here, open a separate issue.

[martinthomson]

Path MTU Discovery?

[martinthomson]

I think that we're going to need a definition for "path", which leads to this being simply: Endpoints MUST maintain a separate PMTU estimate for each path.

The implication of your construction is that different remote IP addresses get a different PMTU estimate, but different local ones might not. That's probably fine if the endpoint knows that outgoing packets from different local addresses go to the same remote address over the same path, but I'd rather assume nothing in any mandate we make.

That said, if an endpoint has really good information that paths are the "same", then estimates can be easily copied from one path to another.

[martinthomson]

You need to point out that this only applies to IPv4.

[martinthomson]

Why? What is the maximum size? Can a client reduce the size if it discovers that the packet doesn't fit? How far can it reduce the size?

Is that an RFC6919 "MUST (but we know that you won't)"? I say that because clients will have to balance the probability of packets arriving with the desire to avoid amplification attack. I appreciate that fragmentation here is hazardous for numerous reasons, so I agree with the DF marking, but the actual value we choose here is going to be better if it is fixed somehow so that clients can be compliant.

[martinduke]

Is that an RFC6919 "MUST (but we know that you won't)"?

It may very well be. I thought there was consensus that QUIC endpoints MUST pad handshake packets, but if not we can fight it out in #106.

[martinthomson]

I'm not sure what message you are referring to here. The transport handshake doesn't really have concrete messages.

If you are referring to the TLS handshake, then that only has one message from the server in many cases. If you pad that message, that could be an issue. We're already pushing the limits of what is reasonable given that it usually contains a server certificate.

What problem are you attempting to solve by requiring DF on the server messages?

[martinduke]

Padding the server message verifies that the MTU is the same on the reverse path.

[martinthomson]

Is the assumption that an attacker won't be able to a) observe the initiation of the connection, and b) guess the RTT? Because both of those are not true in the general case. Randomizing the interval and recommending a minimum idle period might work, but only if you also levy some sort of penalty on an attacker. For instance, spurious ICMP/PTB messages can cause future messages to be ignored.

Given that you have the rationale for this in the next section, I think that you should move this requirement down there.

[martinthomson]

This list needs bullets.

[martinthomson]

Would it be reasonable to trim this list more aggressively than otherwise? Several reasons:

1. It only results in lost PMTUD feedback
2. It reduces exposure to those off-path attacks
3. Path elements are able to respond in less than 1RTT

[martinthomson]

We should refer to a path here. How we identify a path locally is probably something we need to include in the definition.

[martinthomson]

I'm not an expert but this seems wrong: if the signal originates from the remote side of a congested link, isn't this a great way to add to that congestion?

[martinduke]

Thanks for the comments. I'm closing this PR in favor of a significantly modified #106 that incorporates the comments that are still relevant.