Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MUST retire Connection IDs becoming stale #3096

Merged
merged 4 commits into from
Oct 31, 2019
Merged

MUST retire Connection IDs becoming stale #3096

merged 4 commits into from
Oct 31, 2019

Conversation

kazuho
Copy link
Member

@kazuho kazuho commented Oct 16, 2019

Closes #3046.

@martinthomson:

As discussed, should be that the receiving side will retire within one PTO. The sending side can enforce at 3PTO, by dropping the connection.

The text in the PR adopts 1 PTO as a suggestion, as I am not sure if there is a point in that value being the exact limit. If it needs to be, we can rephrase the text to "MUST retire the corresponding connection IDs in one PTO and send corresponding RETIRE_CONNECTION_ID frames."

martinthomson
martinthomson reviewed Oct 16, 2019
View reviewed changes
Copy link
Member

@martinthomson martinthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that the most interesting behaviour to specify is at the endpoint that requests retirement. "Endpoints that request that peers retire connection IDs SHOULD be prepared to receive packets that contain connection IDs that they have requested be retired for a period of approximately three times the PTO."

draft-ietf-quic-transport.md Outdated
stateless reset in response to a connection ID it can no longer route correctly.
the peer MUST retire the corresponding connection IDs and send corresponding
RETIRE_CONNECTION_ID frames. Failing to retire the connection IDs within one
PTO can cause packets to be delayed, lost, or cause the original endpoint to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could even say "approximately", and add "Endpoints that request that peers retire connection IDs SHOULD be prepared to receive packets that contain connection IDs that they have requested be retired for a period of approximately three times the PTO."

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the suggestions. I've added "approximately", and merged the other suggestion into the next paragraph. PTAL.

nibanks
nibanks approved these changes Oct 16, 2019
View reviewed changes
Copy link
Member

@nibanks nibanks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me. I'm also fine with Martin's suggestions as well.

ianswett
ianswett approved these changes Oct 16, 2019
View reviewed changes
Copy link
Contributor

@ianswett ianswett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG, but I like @martinthomson suggestion

erickinnear
erickinnear approved these changes Oct 16, 2019
View reviewed changes
Copy link
Contributor

@erickinnear erickinnear left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The endpoint here has always been going to do whatever it does, regardless of whether we said SHOULD or MUST, so this seems fine. I do like the direction for the other endpoint to wait 3PTO, that would be nice to include.

@mikkelfj
Copy link
Contributor

I'm a bit worried that a stateless reset from a retired CID could be used as an attack vector by simply delaying packets en-route. However, if the reset is only effective on CIDs that are no longer recognised that shouldn't be a problem.

MikeBishop
MikeBishop approved these changes Oct 29, 2019
View reviewed changes
Copy link
Contributor

@MikeBishop MikeBishop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mikkelfj, the delayed packets are handled by this text:

Tokens are invalidated when their associated connection ID is retired via a RETIRE_CONNECTION_ID frame (Section 19.16).

An endpoint MUST NOT check for any Stateless Reset Tokens associated with connection IDs it has not used or for connection IDs that have been retired.

If you've followed the requirement to retire as indicated, then a delayed packet triggering stateless reset can't hurt you.

draft-ietf-quic-transport.md Outdated Show resolved Hide resolved
@kazuho @MikeBishop
Update draft-ietf-quic-transport.md
57a466f 
Co-Authored-By: Mike Bishop <mbishop@evequefou.be>
@martinthomson martinthomson added the design An issue that affects the design of the protocol; resolution requires consensus. label Oct 31, 2019
@martinthomson martinthomson merged commit 0bf4ab5 into quicwg:master Oct 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martinthomson martinthomson martinthomson approved these changes

@MikeBishop MikeBishop MikeBishop approved these changes

@ianswett ianswett ianswett approved these changes

@nibanks nibanks nibanks approved these changes

@erickinnear erickinnear erickinnear approved these changes

Assignees
No one assigned
Labels
-transport design An issue that affects the design of the protocol; resolution requires consensus.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handling of Retire Prior To field
7 participants
@kazuho @mikkelfj @martinthomson @MikeBishop @ianswett @nibanks @erickinnear