Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Retry packet and Server-Chosen Connection ID #713

Closed
MikeBishop opened this issue Aug 8, 2017 · 2 comments
Closed

Retry packet and Server-Chosen Connection ID #713

MikeBishop opened this issue Aug 8, 2017 · 2 comments
Assignees
@janaiyengar
Labels
-transport design An issue that affects the design of the protocol; resolution requires consensus. has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list.

Comments

@MikeBishop
Copy link
Contributor

In Paris, there was discussion about allowing the server to change the Connection ID on a Server Stateless Retry. However, the spec doesn't actually define how to do this. Currently, it says to start a new connection, which could be read to imply a newly-random Connection ID.

For load-shedding, it would be nice to enable the server to point the client to a new server, which likely implies carrying it in the HelloRetryRequest.
@martinthomson martinthomson added the design An issue that affects the design of the protocol; resolution requires consensus. label Aug 8, 2017
@janaiyengar
Copy link
Contributor

From editors' discussion on this:

Our joint recollection is that a new Connection ID can be sent along with the HRR, potentially in a TLS extension. The client uses it in the subsequent Client Initial. The server-side load balancer treating it as a client-chosen connection ID, which means that the server that sent the HRR should, if it wants redirection, generate this Connection ID accordingly.

For verification, the server can send a cookie along with HRR that contains the proposed connection ID, which the client echoes in new Client Initial.

@janaiyengar janaiyengar mentioned this issue Aug 8, 2017
Closed
@martinthomson martinthomson changed the title Stateless Retry and Server-Chosen Connection ID Retry packet and Server-Chosen Connection ID Nov 7, 2017
@ianswett
Copy link
Contributor

Based on re-reading the draft, I don't believe this was ever written up. Also, if we do this in an extension, which I like, can we stop having the server unilaterally change the connection ID and instead have the server inform the client to change the connection ID with the TLS extension?

That would solve #714 cleanly I believe.

@ianswett ianswett mentioned this issue Jan 9, 2018
Closed
martinthomson added a commit that referenced this issue Jan 24, 2018
@martinthomson
Pick a new connection ID with Retry packets
7cd3665 
Part of why we were echoing the connection ID in Retry is now no longer
relevant. We now have encryption providing the primary proof of receipt
for the Initial packet.

Allowing the server to pick a new connection ID and include that in the
Retry packet header allows servers to steer clients.

Closes #713.
martinthomson added a commit that referenced this issue Jan 24, 2018
@martinthomson
Pick a new connection ID with Retry packets
69abaf6 
Part of why we were echoing the connection ID in Retry is now no longer
relevant. We now have encryption providing the primary proof of receipt
for the Initial packet.

Allowing the server to pick a new connection ID and include that in the
Retry packet header allows servers to steer clients.

Closes #713, #1041.
@martinthomson martinthomson mentioned this issue Jan 24, 2018
Merged
@mnot mnot added the has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list. label Mar 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@janaiyengar janaiyengar

Labels
-transport design An issue that affects the design of the protocol; resolution requires consensus. has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@martinthomson @mnot @MikeBishop @janaiyengar @ianswett