Move stateless reset token to the end #842
Conversation
This makes the location of the token fixed with respect to the end of packets, which makes it easier to find. It also expands the conditions for checking the token, which now include cases where packets appear to be duplicated. Closes #820.
martinthomson
added
-transport
design
draft-ietf-quic-transport.md
Outdated
| A server copies the connection ID field from the packet that triggers the | ||
| stateless reset. A server omits the connection ID if explicitly configured to | ||
| do so, or if the client packet did not include a connection ID. | ||
|
|
||
| The Packet Number field is set to a randomized value. This packet SHOULD use |
There was a problem hiding this comment.
Nit: I would say "The server SHOULD use..."
draft-ietf-quic-transport.md
Outdated
| A server copies the connection ID field from the packet that triggers the | ||
| stateless reset. A server omits the connection ID if explicitly configured to | ||
| do so, or if the client packet did not include a connection ID. | ||
|
|
||
| The Packet Number field is set to a randomized value. This packet SHOULD use | ||
| the short header form with the shortest possible packet number encoding. This |
There was a problem hiding this comment.
I think I would phrase this as "the packet type should be X, which represents the shortest packet encoding", because you aren't allowed to use long format under any conditions.
draft-ietf-quic-transport.md
Outdated
| either cannot be decrypted or is marked as a potential duplicate. The client | ||
| then performs a constant-time comparison of the last 16 octets of the packet | ||
| with the Stateless Reset Token provided by the server in its transport | ||
| parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Can you say what "terminated" means? Is it the same as having received CONNECTION_CLOSE?
There was a problem hiding this comment.
Perhaps "all connection state MUST be discarded."
There was a problem hiding this comment.
Any of the above seem fine for now; we'll want to tie this in with @janaiyengar's Unified Theory of Connection Closure when that lands.
There was a problem hiding this comment.
You can't discard state if you are going to enter the draining period. But we don't need draining, we just need to stop. (Any subsequent stateless resets we get will get discarded according to our new packet handling rules.)
draft-ietf-quic-transport.md
Outdated
| possible packet number encoding, which minimizes the perceived gap between the | ||
| last packet that the server sent and this packet. A server MAY use a different | ||
| short header type, indicating a different packet number length, but this allows | ||
| for the message to be identified as a stateless reset more easily using |
There was a problem hiding this comment.
nit: "this allows for" - I think you mean to say that using a 1-byte packet number makes life easier, but "this" is ambiguous here. Maybe something like: "A server MAY use a different short header type, indicating a different packet number length, but using 0x01 allows for the message to be identified as a stateless reset more easily using heuristics."
There was a problem hiding this comment.
It's not the identification we care about, but the fact that an observer could identify the SR by seeing a packet number jump. If the number is only eight bits long, then it's harder for an observer to infer a large jump.
There was a problem hiding this comment.
Or rather, we're not trying to make identification easy for the client, we're trying to make it hard for everyone else.
There was a problem hiding this comment.
Yeah, but I take the comment- I will revise along the lines suggested.
draft-ietf-quic-transport.md
Outdated
| either cannot be decrypted or is marked as a potential duplicate. The client | ||
| then performs a constant-time comparison of the last 16 octets of the packet | ||
| with the Stateless Reset Token provided by the server in its transport | ||
| parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Perhaps "all connection state MUST be discarded."
draft-ietf-quic-transport.md
Outdated
| possible packet number encoding, which minimizes the perceived gap between the | ||
| last packet that the server sent and this packet. A server MAY use a different | ||
| short header type, indicating a different packet number length, but this allows | ||
| for the message to be identified as a stateless reset more easily using |
There was a problem hiding this comment.
It's not the identification we care about, but the fact that an observer could identify the SR by seeing a packet number jump. If the number is only eight bits long, then it's harder for an observer to infer a large jump.
draft-ietf-quic-transport.md
Outdated
| either cannot be decrypted or is marked as a potential duplicate. The client | ||
| then performs a constant-time comparison of the last 16 octets of the packet | ||
| with the Stateless Reset Token provided by the server in its transport | ||
| parameters. If this comparison is successful, the connection MUST be terminated |
There was a problem hiding this comment.
Any of the above seem fine for now; we'll want to tie this in with @janaiyengar's Unified Theory of Connection Closure when that lands.
draft-ietf-quic-transport.md
Outdated
| by the server in its transport parameters. If this comparison is successful, | ||
| the connection MUST be terminated immediately. Otherwise, the packet can be | ||
| discarded. | ||
| either cannot be decrypted or is marked as a potential duplicate. The client |
There was a problem hiding this comment.
nit: I'd go with "is marked as a duplicate packet."
draft-ietf-quic-transport.md
Outdated
| the connection MUST be terminated immediately. Otherwise, the packet can be | ||
| discarded. | ||
| either cannot be decrypted or is marked as a potential duplicate. The client | ||
| then performs a constant-time comparison of the last 16 octets of the packet |
There was a problem hiding this comment.
Is it necessary to mention it's constant time?
draft-ietf-quic-transport.md
Outdated
| either cannot be decrypted or is marked as a potential duplicate. The client | ||
| then performs a constant-time comparison of the last 16 octets of the packet | ||
| with the Stateless Reset Token provided by the server in its transport | ||
| parameters. If this comparison is successful, the client MUST discard all |
There was a problem hiding this comment.
Instead of successful, how about "If they are identical" ?
draft-ietf-quic-transport.md
Outdated
| with the Stateless Reset Token provided by the server in its transport | ||
| parameters. If this comparison is successful, the client MUST discard all | ||
| connection state and not send any further packets on this connection. If the | ||
| comparison is unsuccessful, the packet can be discarded. |
There was a problem hiding this comment.
is unsuccessful => fails?
This makes the location of the token fixed with respect to the end of
packets, which makes it easier to find. It also expands the conditions
for checking the token, which now include cases where packets appear
to be duplicated.
Closes #820.