Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify framing mode #59

Merged
merged 6 commits into from
Jul 7, 2022
Merged

Specify framing mode #59

merged 6 commits into from
Jul 7, 2022

Conversation

bemasc
Copy link
Collaborator

@bemasc bemasc commented Jun 8, 2022

Fixes #41, #42

ekr
ekr reviewed Jun 8, 2022
View reviewed changes
draft-ietf-tls-ctls.md Outdated
length of `2^16-1`. When operating over UDP, large `CTLSHandshake` messages
will also require the use of IP fragmentation, which is sometimes
undesirable. Operators can avoid these concerns by setting
`template.handshakeFraming = true`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to say how you also need an in-order transport?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had intended this to be usable even on out-of-order transports. It appears to be safe for DTLS 1.3, because the only messages sent in plaintext are ClientHello, ServerHello, HelloRetryRequest, and Alert, each of which constitutes an entire "flight" and so is at no risk of reordering. All multi-message flights are in ciphertext, and can rely on the unified header's sequence number for ordering.

This would not have worked in DTLS 1.2, and I suppose it is not guaranteed for future versions. Perhaps we can nonetheless rely on this property for now, and address the problem if it arises in the future.

I'm not 100% sure how this interacts with the DTLS ACK and retransmission system, but it seems reasonably straightforward to deduplicate identical ServerHellos, to avoid placing a retransmitted ServerHello in the transcript twice.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think you can rely on the sequence number for reordering because retransmits use a new sequence number.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had been thinking that we would change that, but never mind.

I've added a CTLSDatagramHandshake type that has a message_seq field for reordering.

@bemasc bemasc requested a review from ekr June 9, 2022 20:31
@bemasc bemasc mentioned this pull request Jun 28, 2022
Merged
@bemasc
Copy link
Collaborator Author

bemasc commented Jul 1, 2022

FYI, this PR now moves profile_id out of the ClientHello back into CTLSPlaintext (now called CTLSClientPlaintext). This avoids confusing questions about how to demultiplex profiles that use different handshakeFraming modes.

@ekr
Copy link
Collaborator

ekr commented Jul 7, 2022

LGTM.

@ekr ekr merged commit b68a05d into master Jul 7, 2022
@bemasc bemasc mentioned this pull request Jul 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekr ekr Awaiting requested review from ekr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Discuss fragmentation of handshake messages in cTLS/UDP
2 participants
@bemasc @ekr