New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move stateless reset token to the end #842
Conversation
This makes the location of the token fixed with respect to the end of packets, which makes it easier to find. It also expands the conditions for checking the token, which now include cases where packets appear to be duplicated. Closes #820.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems generally fine. comments below
draft-ietf-quic-transport.md
Outdated
A server copies the connection ID field from the packet that triggers the | ||
stateless reset. A server omits the connection ID if explicitly configured to | ||
do so, or if the client packet did not include a connection ID. | ||
|
||
The Packet Number field is set to a randomized value. This packet SHOULD use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: I would say "The server SHOULD use..."
draft-ietf-quic-transport.md
Outdated
A server copies the connection ID field from the packet that triggers the | ||
stateless reset. A server omits the connection ID if explicitly configured to | ||
do so, or if the client packet did not include a connection ID. | ||
|
||
The Packet Number field is set to a randomized value. This packet SHOULD use | ||
the short header form with the shortest possible packet number encoding. This |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I would phrase this as "the packet type should be X, which represents the shortest packet encoding", because you aren't allowed to use long format under any conditions.
draft-ietf-quic-transport.md
Outdated
either cannot be decrypted or is marked as a potential duplicate. The client | ||
then performs a constant-time comparison of the last 16 octets of the packet | ||
with the Stateless Reset Token provided by the server in its transport | ||
parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you say what "terminated" means? Is it the same as having received CONNECTION_CLOSE?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps "all connection state MUST be discarded."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any of the above seem fine for now; we'll want to tie this in with @janaiyengar's Unified Theory of Connection Closure when that lands.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can't discard state if you are going to enter the draining period. But we don't need draining, we just need to stop. (Any subsequent stateless resets we get will get discarded according to our new packet handling rules.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple of comments.
draft-ietf-quic-transport.md
Outdated
possible packet number encoding, which minimizes the perceived gap between the | ||
last packet that the server sent and this packet. A server MAY use a different | ||
short header type, indicating a different packet number length, but this allows | ||
for the message to be identified as a stateless reset more easily using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: "this allows for" - I think you mean to say that using a 1-byte packet number makes life easier, but "this" is ambiguous here. Maybe something like: "A server MAY use a different short header type, indicating a different packet number length, but using 0x01 allows for the message to be identified as a stateless reset more easily using heuristics."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not the identification we care about, but the fact that an observer could identify the SR by seeing a packet number jump. If the number is only eight bits long, then it's harder for an observer to infer a large jump.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or rather, we're not trying to make identification easy for the client, we're trying to make it hard for everyone else.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, but I take the comment- I will revise along the lines suggested.
draft-ietf-quic-transport.md
Outdated
either cannot be decrypted or is marked as a potential duplicate. The client | ||
then performs a constant-time comparison of the last 16 octets of the packet | ||
with the Stateless Reset Token provided by the server in its transport | ||
parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps "all connection state MUST be discarded."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
draft-ietf-quic-transport.md
Outdated
possible packet number encoding, which minimizes the perceived gap between the | ||
last packet that the server sent and this packet. A server MAY use a different | ||
short header type, indicating a different packet number length, but this allows | ||
for the message to be identified as a stateless reset more easily using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not the identification we care about, but the fact that an observer could identify the SR by seeing a packet number jump. If the number is only eight bits long, then it's harder for an observer to infer a large jump.
draft-ietf-quic-transport.md
Outdated
either cannot be decrypted or is marked as a potential duplicate. The client | ||
then performs a constant-time comparison of the last 16 octets of the packet | ||
with the Stateless Reset Token provided by the server in its transport | ||
parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any of the above seem fine for now; we'll want to tie this in with @janaiyengar's Unified Theory of Connection Closure when that lands.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few small suggestions.
draft-ietf-quic-transport.md
Outdated
by the server in its transport parameters. If this comparison is successful, | ||
the connection MUST be terminated immediately. Otherwise, the packet can be | ||
discarded. | ||
either cannot be decrypted or is marked as a potential duplicate. The client |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I'd go with "is marked as a duplicate packet."
draft-ietf-quic-transport.md
Outdated
the connection MUST be terminated immediately. Otherwise, the packet can be | ||
discarded. | ||
either cannot be decrypted or is marked as a potential duplicate. The client | ||
then performs a constant-time comparison of the last 16 octets of the packet |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it necessary to mention it's constant time?
draft-ietf-quic-transport.md
Outdated
either cannot be decrypted or is marked as a potential duplicate. The client | ||
then performs a constant-time comparison of the last 16 octets of the packet | ||
with the Stateless Reset Token provided by the server in its transport | ||
parameters. If this comparison is successful, the client MUST discard all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of successful, how about "If they are identical" ?
draft-ietf-quic-transport.md
Outdated
with the Stateless Reset Token provided by the server in its transport | ||
parameters. If this comparison is successful, the client MUST discard all | ||
connection state and not send any further packets on this connection. If the | ||
comparison is unsuccessful, the packet can be discarded. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is unsuccessful => fails?
This makes the location of the token fixed with respect to the end of
packets, which makes it easier to find. It also expands the conditions
for checking the token, which now include cases where packets appear
to be duplicated.
Closes #820.