Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Datagram 1200 #1548

Merged
merged 7 commits into from Jul 30, 2018
Merged

Datagram 1200 #1548

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3504e23
Fix 1200 octet Datagram vs. Packet inconsistencies
martinthomson Jul 11, 2018
3778676
Rewrite section on ClientHello size
martinthomson Jul 11, 2018
7c6392d
1200 isn't an actual limit; consistency
martinthomson Jul 11, 2018
dd98adc
The first Initial packet is the only special one
martinthomson Jul 11, 2018
3e740f4
Tweaking more
martinthomson Jul 11, 2018
36cabe6
I need to work on my proofreading
martinthomson Jul 11, 2018
d2a655d
UDP payload
martinthomson Jul 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
31 changes: 16 additions & 15 deletions draft-ietf-quic-tls.md
View file
Open in desktop
Expand Up @@ -515,28 +515,29 @@ older than 1.3 is negotiated.
## ClientHello Size {#clienthello-size}

QUIC requires that the first Initial packet from a client be sent in a single
UDP datagram. This places constraints on the first ClientHello message.
UDP datagram. Though a packet larger than 1200 octets might be supported by the
path, a client improves the likelihood that a packet is accepted if it ensures
that the first ClientHello message it sends remains within this limit.

QUIC packet and framing overheads add at least 36 octets of overheads to the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the first "overheads" is unnecessary and the second can be "overhead"

ClientHello message. That overhead increases if the client chooses connection
ClientHello message. That overhead increases if the client chooses a connection
ID without zero length, nor does it include the token or a connection ID longer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a connection ID with non-zero length, perhaps?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A QUIC packet can hardly fit into more than a single UDP datagram, so perhaps be clear that the TLS message must fit within the first Initial QUIC packet. - if that is the intention.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nor does it -> and does not

than octets that might be required if a server sends a Retry packet.
than 8 octets that might be required if a server sends a Retry packet.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence is long, maybe a comma after "octets"


With these overheads, a typical TLS ClientHello can fit into a 1200 octet packet
with ample space remaining. However, aside from the overheads added by QUIC,
there are several variables that could cause this limit to be exceeded. Large
session tickets or HelloRetryRequest cookies, multiple or large key shares, and
long lists of supported ciphers, signature algorithms, versions, QUIC transport
parameters, and other negotiable parameters and extensions could cause this
message to grow.
A typical TLS ClientHello can easily fit into a 1200 octet packet. However, in
addition to the overheads added by QUIC, there are several variables that could
cause this limit to be exceeded. Large session tickets, multiple or large key
shares, and long lists of supported ciphers, signature algorithms, versions,
QUIC transport parameters, and other negotiable parameters and extensions could
cause this message to grow.

For servers, in addition to connection ID and tokens, the size of TLS session
tickets and HelloRetryRequest cookie extensions can have an effect on a client's
ability to connect. Choosing a small value increases the probability that these
values can be successfully used by a client.
tickets can have an effect on a client's ability to connect. Minimizing the
size of these values increases the probability that they can be successfully
used by a client.

A client is not required to fit a ClientHello that is sent in response to
HelloRetryRequest in a single UDP datagram.
A client is not required to fit the ClientHello that it sends in response to a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this because HRR is assumed to be stateful?

HelloRetryRequest message into a single UDP datagram.

The TLS implementation does not need to ensure that the ClientHello is
sufficiently large. QUIC PADDING frames are added to increase the size of the
Expand Down