-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MUST retire Connection IDs becoming stale #3096
MUST retire Connection IDs becoming stale #3096
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that the most interesting behaviour to specify is at the endpoint that requests retirement. "Endpoints that request that peers retire connection IDs SHOULD be prepared to receive packets that contain connection IDs that they have requested be retired for a period of approximately three times the PTO."
draft-ietf-quic-transport.md
Outdated
stateless reset in response to a connection ID it can no longer route correctly. | ||
the peer MUST retire the corresponding connection IDs and send corresponding | ||
RETIRE_CONNECTION_ID frames. Failing to retire the connection IDs within one | ||
PTO can cause packets to be delayed, lost, or cause the original endpoint to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could even say "approximately", and add "Endpoints that request that peers retire connection IDs SHOULD be prepared to receive packets that contain connection IDs that they have requested be retired for a period of approximately three times the PTO."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the suggestions. I've added "approximately", and merged the other suggestion into the next paragraph. PTAL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me. I'm also fine with Martin's suggestions as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LG, but I like @martinthomson suggestion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The endpoint here has always been going to do whatever it does, regardless of whether we said SHOULD or MUST, so this seems fine. I do like the direction for the other endpoint to wait 3PTO, that would be nice to include.
I'm a bit worried that a stateless reset from a retired CID could be used as an attack vector by simply delaying packets en-route. However, if the reset is only effective on CIDs that are no longer recognised that shouldn't be a problem. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikkelfj, the delayed packets are handled by this text:
Tokens are invalidated when their associated connection ID is retired via a RETIRE_CONNECTION_ID frame (Section 19.16).
An endpoint MUST NOT check for any Stateless Reset Tokens associated with connection IDs it has not used or for connection IDs that have been retired.
If you've followed the requirement to retire as indicated, then a delayed packet triggering stateless reset can't hurt you.
Co-Authored-By: Mike Bishop <mbishop@evequefou.be>
Closes #3046.
@martinthomson:
The text in the PR adopts 1 PTO as a suggestion, as I am not sure if there is a point in that value being the exact limit. If it needs to be, we can rephrase the text to "MUST retire the corresponding connection IDs in one PTO and send corresponding RETIRE_CONNECTION_ID frames."