New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow reuse of stateless reset tokens #2733
Merged
Merged
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
f434be2
Allow reuse of stateless reset tokens
martinthomson a5bcc0b
Fixup of reset-oracle links
martinthomson 6d614fa
Edit for clarity
martinthomson 5201e2e
More editorial hacking; this is complex
martinthomson b645d79
Try again
martinthomson 7fdaf76
Update draft-ietf-quic-transport.md
janaiyengar File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand this text. I can see the issuer of the reset can and should coordinate with load balancers, but the text reads as if the sender is responsible for the receiver matching up the connection ID, or that an active connection should be matched sender side when the reset is transmitted to cancel an unknown connection, which by definition isn't possible. In part it is unclear what is mean by connection ID since there are two kinds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikkelfj can you clarify what this comment is in relation to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've tweaked the text (there was a grammatical error), but I think that this was related to the change. It was a minor editorial thing. It's really hard to get this right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The text has been changed since I wrote the above, but largely:
It is not entirely clear what timeframe this pertains to. There is time where the an unknown packet is received and the connection is active from the peers perspective but no longer used from the receivers perspective. And there is the time where the token is issued during connection establishment or path migration. The latter is the intent, but it is not easy to read.
It could perhaps be formulated like
A Stateless Reset Token MUST be unique to a single connection. The same token MAY be reissued for different Connection ID's on the same connection when it can be guaranteed that they all route to the same endpoint for the duration of the connection even after a Connection ID has been retired.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That doesn't quite work because it is OK to forget a connection ID if the associated stateless reset token is no longer in use. Maybe I need to try again.