Change idle_timeout to max_idle_timeout

[ianswett]

This makes idle timeout symmetric by stating that a peer will close the connection at or soon after the idle timeout expires, creating clear expectations of idle timeout behavior. This also renames the transport parameter idle_timeout to max_idle_timeout for clarity.

Fixes #2602
Takes some of the improved text from #2745

[janaiyengar]

I don't think I follow this sentence. What is the endpoint committing to? To closing the connection at min(local_timeout, remote_timeout)?

[ianswett]

It's committing to explicitly closing(and not silently closing) if it's before min(local_timeout, remote_timeout). This was adapted from MT's PR.

[martinthomson]

This doesn't read particularly well as written. I've suggested something, but I'm not entirely sure that it works.

[kazuho]

I have suggestions for parts that did not read well to me, but otherwise LGTM.

[martinthomson]

Thanks for doing this.

I wonder if we have any place where we can state the principle that drives this. That is, "after the time indicated in max_idle_timeout, the endpoint will no longer send nor accept packets."

[MikeBishop]

If you're going to explain why you restart when sending, you might need to explain why you don't restart when sending subsequent packets. Perhaps "when sending one or more packets" might help point this explanation at bursts, rather than at individual packets?

[ianswett]

Also pre-existing.

[janaiyengar]

A few comments. I think it would help readability immensely if you could articulate a new timeout period, Idle Timeout (ITO) explicitly.

Also, can you change the title of the PR? It's not particularly clarifying.

[janaiyengar]

I don't understand this sentence... what does it mean for an endpoint to initiate an immediate close if it abandons the connection prior to the min? I thought that the endpoint was to initiate an immediate close at the min. Why are we talking about abandoning?

[janaiyengar]

Can you write some rationale for these restarting rules?

[ianswett]

Also pre-existing text, so maybe in a different PR?

[janaiyengar]

This is not a great construction: "If a peer could time out within a Probe Timeout". It's also confusing ... maybe change this to "When an endpoint is about to send data that cannot be retried safely, it is possible that the peer may have reached the end of its idle timeout period before this data arrives at the peer. To avoid such situations, it is recommended that an endpoint test for liveness when it expects that the peer might be close, within a Probe Timeout (PTO; see Section ...) period for instance, to the end of its idle timeout period."

[ianswett]

Agreed, I'll file an issue to address your and Mike's comments.

[janaiyengar]

I think the text should be fixed here... why introduce text here and then fix it in a new PR?

[ianswett]

I'm not introducing this text, it just moved, hence the different PR, which is editorial.

[ianswett]

@MikeBishop and @janaiyengar I filed a new issue(#3184) for your comments on the existing idle timeout text. I hope all of those comments can be addressed in an editorial PR.

[martinthomson]

a max_idle_timeout, an endpoint declares that after being idle for longer than the advertised time it will not send any packets and it could generate a stateless reset ({{stateless-reset}}) in reaction to any received packet. An endpoint commits to initiating an immediate close [...]

[ianswett]

This is failing due to a QPACK error, but I believe the PR is done.

As noted above, I opened #3184 for the many comments about the existing text. I can take a stab at this, but I'd like to do that separately from this design change.

[janaiyengar]

One more comment

[janaiyengar]

What does it mean to test for liveness? Can you make this more explicit?