New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Datagram 1200 #1548
Datagram 1200 #1548
Changes from 1 commit
3504e23
3778676
7c6392d
dd98adc
3e740f4
36cabe6
d2a655d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -515,28 +515,29 @@ older than 1.3 is negotiated. | |
## ClientHello Size {#clienthello-size} | ||
|
||
QUIC requires that the first Initial packet from a client be sent in a single | ||
UDP datagram. This places constraints on the first ClientHello message. | ||
UDP datagram. Though a packet larger than 1200 octets might be supported by the | ||
path, a client improves the likelihood that a packet is accepted if it ensures | ||
that the first ClientHello message it sends remains within this limit. | ||
|
||
QUIC packet and framing overheads add at least 36 octets of overheads to the | ||
ClientHello message. That overhead increases if the client chooses connection | ||
ClientHello message. That overhead increases if the client chooses a connection | ||
ID without zero length, nor does it include the token or a connection ID longer | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. a connection ID with non-zero length, perhaps? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A QUIC packet can hardly fit into more than a single UDP datagram, so perhaps be clear that the TLS message must fit within the first Initial QUIC packet. - if that is the intention. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nor does it -> and does not |
||
than octets that might be required if a server sends a Retry packet. | ||
than 8 octets that might be required if a server sends a Retry packet. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This sentence is long, maybe a comma after "octets" |
||
|
||
With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet | ||
with ample space remaining. However, aside from the overheads added by QUIC, | ||
there are several variables that could cause this limit to be exceeded. Large | ||
session tickets or HelloRetryRequest cookies, multiple or large key shares, and | ||
long lists of supported ciphers, signature algorithms, versions, QUIC transport | ||
parameters, and other negotiable parameters and extensions could cause this | ||
message to grow. | ||
A typical TLS ClientHello can easily fit into a 1200 octet packet. However, in | ||
addition to the overheads added by QUIC, there are several variables that could | ||
cause this limit to be exceeded. Large session tickets, multiple or large key | ||
shares, and long lists of supported ciphers, signature algorithms, versions, | ||
QUIC transport parameters, and other negotiable parameters and extensions could | ||
cause this message to grow. | ||
|
||
For servers, in addition to connection ID and tokens, the size of TLS session | ||
tickets and HelloRetryRequest cookie extensions can have an effect on a client's | ||
ability to connect. Choosing a small value increases the probability that these | ||
values can be successfully used by a client. | ||
tickets can have an effect on a client's ability to connect. Minimizing the | ||
size of these values increases the probability that they can be successfully | ||
used by a client. | ||
|
||
A client is not required to fit a ClientHello that is sent in response to | ||
HelloRetryRequest in a single UDP datagram. | ||
A client is not required to fit the ClientHello that it sends in response to a | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this because HRR is assumed to be stateful? |
||
HelloRetryRequest message into a single UDP datagram. | ||
|
||
The TLS implementation does not need to ensure that the ClientHello is | ||
sufficiently large. QUIC PADDING frames are added to increase the size of the | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the first "overheads" is unnecessary and the second can be "overhead"