Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stream0 dt output for merge #1450

Merged
merged 35 commits into from Jun 25, 2018
Merged

Stream0 dt output for merge #1450

Changes from 1 commit
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
42f55df
Output of Stream 0 Design Team.
ekr May 23, 2018
cab8295
Fix changelog
ekr May 23, 2018
984ecc8
Fix whitespace
ekr May 23, 2018
36899e5
Offset and length fields in CRYPTO_HS are not optional
ekr May 23, 2018
f8f172f
Remove EMPTY_ACK
ianswett Jun 6, 2018
70b26e8
Incorporate the comments from PR#1377
ekr Jun 6, 2018
af70f23
Remove EMPTY_ACK
ianswett Jun 6, 2018
aa1b683
Update draft-ietf-quic-transport.md
ianswett Jun 6, 2018
927cf12
Add the TLS diagrams
ekr Jun 7, 2018
74300a1
Redact diagram from the TLS doc
ekr Jun 7, 2018
04fd321
Ian Swett's comments
ekr Jun 7, 2018
bf9c62c
server-initiated streams start from 1
ekr Jun 7, 2018
77155f9
Remove last TODO
ekr Jun 8, 2018
779b3a0
Minor editorial
ekr Jun 15, 2018
d3b055a
Remove the advice on how to use coalesced packets for recovery.
ekr Jun 15, 2018
48c9b9f
Self-review, ready to submit
ekr Jun 15, 2018
396c318
Some more cleanup
ekr Jun 15, 2018
777114a
Fix compile errors
ekr Jun 15, 2018
a4ad49b
Restore Generating Acknowledgements
ianswett Jun 18, 2018
6b36300
Mike's comments
ianswett Jun 19, 2018
0cfdf67
Merge pull request #34 from ekr/ianswett-mike-comments
ekr Jun 19, 2018
4065266
Fix retry and remove optimizations
ianswett Jun 19, 2018
954c585
Merge pull request #35 from ekr/ianswett-mike2
ekr Jun 19, 2018
d814642
Martin's comments
ianswett Jun 20, 2018
da0d8ec
Ensures that
ianswett Jun 21, 2018
89c45a6
Merge pull request #36 from ekr/ianswett-martin
ekr Jun 21, 2018
daea861
Address MT's comments on TLS
ekr Jun 21, 2018
3aea50d
MT/Bishop comments on transport
ekr Jun 22, 2018
bd5f9ff
Ian's comments
ekr Jun 22, 2018
e2ed4db
Merge pull request #37 from ekr/martins_comments
ekr Jun 22, 2018
7a780db
Fix build breaks
MikeBishop Jun 22, 2018
4db5568
Extra word
MikeBishop Jun 22, 2018
8d57711
remove "the the"
martinthomson Jun 25, 2018
a2aabfe
More errors around delivering to TLS out of order
martinthomson Jun 25, 2018
2473966
The online editor is terrible
martinthomson Jun 25, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
27 changes: 18 additions & 9 deletions draft-ietf-quic-tls.md
View file
Open in desktop
Expand Up @@ -310,9 +310,10 @@ offset and length. Those frames are packaged into QUIC packets
and encrypted under the current TLS encryption level.
As with TLS over TCP, once TLS handshake data has
been delivered to QUIC, it is QUIC's responsibility to deliver it
reliably. Each chunk of data is associated with the then-current TLS
sending keys, and if QUIC needs to retransmit that data, it MUST use
the same keys even if TLS has already updated to newer keys.
reliably. Each chunk of data that is produced by TLS is associated
with the set of keys that TLS is currently using. If QUIC needs to
retransmit that data, it MUST use the same keys even if TLS has already
updated to newer keys.

One important difference between TLS 1.3 records (used with TCP)
and QUIC CRYPTO_HS frames is that in QUIC multiple frames may appear
Expand Down Expand Up @@ -382,27 +383,35 @@ TLS. The client acquires handshake octets before sending its first packet.
A QUIC server starts the process by providing TLS with the client's
handshake octets.

At any given time, an endpoint will have a current sending encryption
level and receiving encryption level. Each encryption level is
At any given time, the TLS stack at an endpoint will have a current sending
encryption level and receiving encryption level. Each encryption level is
associated with a different flow of bytes, which is reliably
transmitted to the peer in CRYPTO_HS frames. When TLS provides handshake
octets to be sent, they are appended to the current flow and
will eventually be transmitted under the then-current key.
octets to be sent, they are appended to the current flow and any packet
that includes the CRYPTO_HS frame is protected using keys from the
corresponding encryption level.

When an endpoint receives a QUIC packet containing a CRYPTO_HS frame from
the network, it proceeds as follows:

- If the packet was in the current receiving encryption level, sequence
- If the packet was in the TLS receiving encryption level, sequence
the data into the input flow as usual. As with STREAM frames,
the offset is used to find the proper location in the data sequence.
If the result of this process is that new data is available, then
it is delivered to TLS in order.

- If the packet is from a previously installed encryption level, it
MUST not contain data which extends past the end of previously
received data in that flow. Implementations MUST treat any
violations of this requirement as a connection error of type
PROTOCOL_VIOLATION.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that this works. Consider EndOfEarlyData, which could be lost, then later repaired. The end of the previously installed encryption level (aside from being only loosely defined) for CRYPTO is 0, so EOED would extend past that. Also, if you take a looser interpretation, then a delayed 0-RTT STREAM frame might also extend that stream beyond the point where the server cut over to reading Handshake or 1-RTT.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem right to me. First, the 0-RTT STREAM frame isn't relevant, because this is just about CRYPTO_HS.

As for EOED, here's what happens ordinarily (no loss)

  • Recv CH; Rekey current RX to epoch 1
  • Receive EOED: Rekey current RX to epoch 2
  • Receive CFIN: Rekey current RX to epoch 3

If instead you get CH, CFIN, EOED, here's what happens:

  • Recv CH; Rekey current RX to epoch 1
  • Receive CFIN: it's in the future, so buffer
  • Receive EOED: Rekey current RX to epoch 2
  • Process CFIN; Rekey current RX to epoch 3


- If the packet is from a new encryption level, it is saved for later
processing by TLS. Once TLS moves to receiving from this encryption
level, saved data can be provided. When providing data from any new
encryption level to TLS, if there is data from a previous encryption
level that TLS has not consumed, this MUST be treated as a connection
error of type PROTOCOL_VIOLATION.

Each time that TLS is provided with new data, new handshake octets are
requested from TLS. TLS might not provide any octets if the handshake
Expand Down