From e0864a5a5ea82cfd3f29215b570851a7a438b5ce Mon Sep 17 00:00:00 2001 From: ianswett Date: Mon, 19 Oct 2020 18:09:12 -0400 Subject: [PATCH 1/2] Document why one might want to pad ACKS ...or alter the idle timeout behavior when unpadded ACK-only packets are received. --- draft-ietf-quic-transport.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 63d4f24469..3f5669af49 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -4091,13 +4091,18 @@ fragmentation on the path. A client MUST expand the payload of all UDP datagrams carrying Initial packets to at least the smallest allowed maximum datagram size of 1200 bytes by adding PADDING frames to the Initial packet or by coalescing the Initial packet; see -{{packet-coalesce}}. Similarly, a server MUST expand the payload of all UDP -datagrams carrying ack-eliciting Initial packets to at least the smallest -allowed maximum datagram size of 1200 bytes. Sending UDP datagrams of this size -ensures that the network path supports a reasonable Path Maximum Transmission -Unit (PMTU), in both directions. Additionally, a client that expands Initial -packets helps reduce the amplitude of amplification attacks caused by server -responses toward an unverified client address; see {{address-validation}}. +{{packet-coalesce}}. Additionally, a client that expands Initial packets helps +reduce the amplitude of amplification attacks caused by server responses +toward an unverified client address; see {{address-validation}}. + +Similarly, a server MUST expand the payload of all UDP datagrams carrying +ack-eliciting Initial packets to at least the smallest allowed maximum datagram +size of 1200 bytes. Unexpanded Initial packets extend the peer's idle timeout, +even if the path is not capable of carrying the full MTU, so servers can choose +to expand ACK-only packets to at least 1200 bytes and clients can choose not to +extend the idle timeout upon receipt of a non-ack-eliciting packet less than +1200 bytes. Sending UDP datagrams of this size ensures that the network path +supports a reasonable Path Maximum Transmission Unit (PMTU), in both directions. Datagrams containing Initial packets MAY exceed 1200 bytes if the sender believes that the network path and peer both support the size that it chooses. From 2cc7fd7a99e9da301557a0902ea04336b2eec1de Mon Sep 17 00:00:00 2001 
From: ianswett Date: Mon, 19 Oct 2020 19:33:45 -0400 Subject: [PATCH 2/2] Changed to a Note --- draft-ietf-quic-transport.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 3f5669af49..227292b11f 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4097,12 +4097,10 @@ toward an unverified client address; see {{address-validation}}. Similarly, a server MUST expand the payload of all UDP datagrams carrying ack-eliciting Initial packets to at least the smallest allowed maximum datagram -size of 1200 bytes. Unexpanded Initial packets extend the peer's idle timeout, -even if the path is not capable of carrying the full MTU, so servers can choose -to expand ACK-only packets to at least 1200 bytes and clients can choose not to -extend the idle timeout upon receipt of a non-ack-eliciting packet less than -1200 bytes. Sending UDP datagrams of this size ensures that the network path -supports a reasonable Path Maximum Transmission Unit (PMTU), in both directions. +size of 1200 bytes. Note that unexpanded Initial packets extend the peer's +idle timeout, even if the path is not capable of carrying the full MTU. +Sending UDP datagrams of this size ensures that the network path supports a +reasonable Path Maximum Transmission Unit (PMTU), in both directions. Datagrams containing Initial packets MAY exceed 1200 bytes if the sender believes that the network path and peer both support the size that it chooses.
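Review bot: In PATCH 1/2, the added sentence in the new "Similarly, a server MUST expand..." paragraph says "the full MTU", which nothing in the surrounding text defines; the paragraph otherwise speaks of "the smallest allowed maximum datagram size of 1200 bytes", so the same wording would fit here. The insertion also separates "Sending UDP datagrams of this size ensures..." from the MUST it explains, so "this size" now reads as referring to "a non-ack-eliciting packet less than 1200 bytes". Consider putting the PMTU sentence directly after the server MUST and the idle-timeout text after it. Because the PMTU rationale now sits only in the server paragraph, the client MUST in the first paragraph is left with the amplification rationale alone, even though the sentence still says "in both directions". Finally, "servers can choose" and "clients can choose" are lowercase next to MUST and MAY; if these are meant as permitted behaviours, say so with MAY, otherwise phrase them as plain explanation.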
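Review bot: In PATCH 2/2, the replacement "Note that unexpanded Initial packets extend the peer's idle timeout, even if the path is not capable of carrying the full MTU." states the problem but drops both mitigations that 1/2 had (servers expanding ACK-only packets to at least 1200 bytes, clients not extending the idle timeout on a short non-ack-eliciting packet), so the text no longer does what the 1/2 subject line says, "Document why one might want to pad ACKS". If the options are being removed on purpose, the note should at least say what consequence an implementer is expected to guard against. The note also still sits between the server MUST and "Sending UDP datagrams of this size ensures...", so "this size" follows a sentence about unexpanded packets; moving the note to the end of the paragraph keeps the requirement next to its rationale. "the full MTU" carries over from 1/2 and would be clearer as the 1200-byte minimum the paragraph already names.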