Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Servers have to change connection IDs in Retry #3147

Merged
merged 3 commits into from
Oct 25, 2019
Merged

Servers have to change connection IDs in Retry #3147

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
15da864
Retry changes the connection ID always
martinthomson Oct 24, 2019
cd51ae1
Add a MUST discard requirement for bad SCID
martinthomson Oct 24, 2019
6d5698c
Don't say why, it just is
martinthomson Oct 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 12 additions & 6 deletions draft-ietf-quic-transport.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1636,10 +1636,14 @@ As long as it is not possible for an attacker to generate a valid token for
its own address (see {{token-integrity}}) and the client is able to return
that token, it proves to the server that it received the token.

A server can also use a Retry packet to defer the state and processing costs
of connection establishment. By giving the client a different connection ID to
use, a server can cause the connection to be routed to a server instance with
more resources available for new connections.
A server can also use a Retry packet to defer the state and processing costs of
connection establishment. Requiring the server to provide a different
connection ID, along with the original_connection_id transport parameter defined
in {{transport-parameter-definitions}}, forces the server to demonstrate that
it, or an entity it cooperates with, received the original Initial packet from
the client. Providing a different connection ID also grants a server some
control over how subsequent packets are routed. This can be used to direct
connections to a different server instance.

A flow showing the use of a Retry packet is shown in {{fig-retry}}.

Expand Down Expand Up @@ -4150,8 +4154,10 @@ the client included in the Source Connection ID of the Initial packet.

The server includes a connection ID of its choice in the Source Connection ID
field. This value MUST not be equal to the Destination Connection ID field of
the packet sent by the client. The client MUST use this connection ID in the
Destination Connection ID of subsequent packets that it sends.
the packet sent by the client. A client MUST discard a Retry packet that
contains a Source Connection ID field that is identical to the Destination
Connection ID field of its Initial packet. The client MUST use this connection
ID in the Destination Connection ID field of subsequent packets that it sends.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Post merge, but "The client MIST use this connection ID" reads as if it refers to the invalid duplicate ID.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#3153

A server MAY send Retry packets in response to Initial and 0-RTT packets. A
server can either discard or buffer 0-RTT packets that it receives. A server
Expand Down