-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move connection ID change to only Server Cleartext #589
Conversation
draft-ietf-quic-transport.md
Outdated
|
||
The packet number field echoes the packet number of the triggering client | ||
packet. This allows a client to verify that the server received its packet. | ||
The packet number and connection ID fields echo the packet number of the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This says the connection ID field contains the original packet's packet number. Don't think that's correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe that it is correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, the packet number field should contain the client's packet number, and the connection ID field should contain the client's connection ID. Otherwise, this is just... weird.
So if I have 50% of the backend servers upgraded to a newer QUIC version, how do I make sure that client comes back to the same server after Version Negotiation? I.e. I think what you are doing here is removing Server Connection ID from Version negotiation packets. |
Why such design changes? I want to selectively decide which server will load balance asymmetric cryptography (heavy processing) of TLS handshake. With this design its not possible. |
@chocis, That was discussed here at the interim as being a primary advantage of the current design. No one spoke in favour of retaining that. |
draft-ietf-quic-transport.md
Outdated
only sent after the server has committed to maintaining connection state. | ||
packets ({{packet-client-initial}}) and 0-RTT packets ({{packet-protected}}). | ||
If the client has received any packet from the server, it uses the connection ID | ||
it received from the server. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sentence is slightly misleading, since 0-RTT packets will continue using the client Connection ID. I would remove this sentence since paras below cover everything else.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"... for all packets other than 0-RTT packets." ?
@huitema also spoke against that, since it becomes easy for an attacker to forge. |
Well then I would like to propose to reconsider that. Is there any reason why Server Stateless Retry couldn't change CID?
|
The way I would implement the load balancer:
|
Closes #588