From fea54816edf9df6874fda276b00edaac799151c2 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 29 Oct 2020 13:28:07 +1100 Subject: [PATCH 1/3] Define stateless reset token This was a little obtuse; it would benefit from a clearer description of what the token is and how it is used. Closes #4285. --- draft-ietf-quic-transport.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index b242445ee7..c5fb403859 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2961,13 +2961,18 @@ A stateless reset is not appropriate for indicating errors in active connections. An endpoint that wishes to communicate a fatal connection error MUST use a CONNECTION_CLOSE frame if it is able. -To support this process, a token is sent by endpoints. The token is carried in -the Stateless Reset Token field of a NEW_CONNECTION_ID frame. Servers can also -specify a stateless_reset_token transport parameter during the handshake that -applies to the connection ID that it selected during the handshake; clients -cannot use this transport parameter because their transport parameters do not -have confidentiality protection. These tokens are protected by encryption, so -only client and server know their value. Tokens are invalidated when their +To support this process, an endpoint can issue a stateless reset token, which +is a 16 byte value that is hard to guess. If that endpoint sends a stateless +reset, a UDP datagram that ends in the stateless reset token, the recipient +will immediately end the connection. + +A stateless reset token is issued by including the value in the Stateless Reset +Token field of a NEW_CONNECTION_ID frame. Servers can also issue a +stateless_reset_token transport parameter during the handshake that applies to +the connection ID that it selected during the handshake; clients cannot use +this transport parameter because their transport parameters do not have +confidentiality protection. These tokens are protected by encryption, so only +client and server know their value. Tokens are invalidated when their associated connection ID is retired via a RETIRE_CONNECTION_ID frame ({{frame-retire-connection-id}}). From 818b6c4799888e21636380df48fe3dbb7e7bf675 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 30 Oct 2020 09:57:35 +1100 Subject: [PATCH 2/3] Mike's suggestions --- draft-ietf-quic-transport.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index c5fb403859..3f2a892456 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2961,18 +2961,18 @@ A stateless reset is not appropriate for indicating errors in active connections. An endpoint that wishes to communicate a fatal connection error MUST use a CONNECTION_CLOSE frame if it is able. -To support this process, an endpoint can issue a stateless reset token, which -is a 16 byte value that is hard to guess. If that endpoint sends a stateless -reset, a UDP datagram that ends in the stateless reset token, the recipient -will immediately end the connection. +To support this process, an endpoint issues a stateless reset token, which is a +16 byte value that is hard to guess. If that endpoint sends a stateless reset, +a UDP datagram that ends in the stateless reset token, the recipient will +immediately end the connection. A stateless reset token is issued by including the value in the Stateless Reset Token field of a NEW_CONNECTION_ID frame. Servers can also issue a stateless_reset_token transport parameter during the handshake that applies to the connection ID that it selected during the handshake; clients cannot use this transport parameter because their transport parameters do not have -confidentiality protection. These tokens are protected by encryption, so only -client and server know their value. Tokens are invalidated when their +confidentiality protection. These exchanges are protected by encryption, so +only client and server know their value. Tokens are invalidated when their associated connection ID is retired via a RETIRE_CONNECTION_ID frame ({{frame-retire-connection-id}}). From 5d6285f3c93e068e7faf593efe3a06dcc366b4ea Mon Sep 17 00:00:00 2001 
From: Martin Thomson Date: Fri, 30 Oct 2020 12:04:17 +1100 Subject: [PATCH 3/3] polish Co-authored-by: Jana Iyengar --- draft-ietf-quic-transport.md | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 3f2a892456..bdb3be864a 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2962,19 +2962,21 @@ connections. An endpoint that wishes to communicate a fatal connection error MUST use a CONNECTION_CLOSE frame if it is able. To support this process, an endpoint issues a stateless reset token, which is a -16 byte value that is hard to guess. If that endpoint sends a stateless reset, -a UDP datagram that ends in the stateless reset token, the recipient will -immediately end the connection. - -A stateless reset token is issued by including the value in the Stateless Reset -Token field of a NEW_CONNECTION_ID frame. Servers can also issue a -stateless_reset_token transport parameter during the handshake that applies to -the connection ID that it selected during the handshake; clients cannot use -this transport parameter because their transport parameters do not have -confidentiality protection. These exchanges are protected by encryption, so -only client and server know their value. Tokens are invalidated when their -associated connection ID is retired via a RETIRE_CONNECTION_ID frame -({{frame-retire-connection-id}}). +16-byte value that is hard to guess. If the peer subsequently receives a +stateless reset, which is a UDP datagram that ends in that stateless reset +token, the peer will immediately end the connection. + +A stateless reset token is specific to a connection ID. An endpoint issues a +stateless reset token by including the value in the Stateless Reset Token field +of a NEW_CONNECTION_ID frame. Servers can also issue a stateless_reset_token +transport parameter during the handshake that applies to the connection ID that +it selected during the handshake. These exchanges are protected by encryption, +so only client and server know their value. Note that clients cannot use the +stateless_reset_token transport parameter because their transport parameters do +not have confidentiality protection. + +Tokens are invalidated when their associated connection ID is retired via a +RETIRE_CONNECTION_ID frame ({{frame-retire-connection-id}}). 
An endpoint that receives packets that it cannot process sends a packet in the following layout:
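Review bot: In [PATCH 1/3], the added sentence "Servers can also issue a stateless_reset_token transport parameter" makes the transport parameter the thing being issued, while the sentence added just before it says it is the token that is issued. Suggest "Servers can also issue a stateless reset token in the stateless_reset_token transport parameter" so that "issue" keeps one object throughout the paragraph. The same wording is carried unchanged into [PATCH 3/3].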
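Review bot: In [PATCH 2/3], changing "These tokens are protected by encryption" to "These exchanges are protected by encryption" leaves "so only client and server know their value" without a sensible antecedent, because "their" now reads as referring to the exchanges. Suggest "so only client and server know the token values", or keep the tokens as the subject of the sentence.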
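Review bot: In [PATCH 3/3], the first rewritten paragraph states without qualification that the peer "will immediately end the connection" on a datagram that ends in the issued token, while the last added paragraph says tokens are invalidated when their connection ID is retired. Suggest scoping the first statement to a token that has not been invalidated, or pointing forward to the retirement rule, so a reader does not take a retired token as still able to end the connection. "Hard to guess" also carries the security property of the whole mechanism, yet the hunk gives no requirement or cross-reference for how the value is produced; a reference to the text on generating the token would help here.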