-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: QUIC 0-RTT APIs #60107
Comments
Thank you @FiloSottile! You're right, this would allow quic-go to drop the crypto/tls fork. |
CC @neild |
Currently, the server will include a session ticket (without the early_data extension set) in the flight of data which concludes the handshake. We presumably don't want to send both a session ticket without early_data and one with. How will that work? Do QUIC connections only send session tickets when SendSessionTicket is called? What happens if QUICConn.SendSessionTicket is called when Config.SessionTicketsDisabled is true?
I think it'd be safer if the server needs to explicitly accept early data, but it doesn't matter all that much. |
Yep, that's the idea. The current behavior would be equivalent to calling HandleData and then SendSessionTicket immediately after. This also allows sending multiple tickets if desired.
I'd say SendSessionTicket returns an error.
For what it's worth, the server needs to have called SendSessionTicket with earlyData true for this to happen, the client can't force it unilaterally. |
This proposal has been added to the active column of the proposals project |
This is a lot of new API, but my understanding is that @FiloSottile, @neild, and @marten-seemann are all in favor of it. Have all remaining concerns been addressed? |
LGTM. Minor change: Under the latest version of #44886, the
|
Change https://go.dev/cl/496995 mentions this issue: |
I updated my branch in quic-go to make use of the new API exposed in https://go.dev/cl/496995. |
Based on the discussion above, this proposal seems like a likely accept. |
This got closed but the proposal is still in progress. Reopening so it can get to a resolution (and if it doesn't make it to accepted state, to revert the CL). |
(It's all good @dmitshur, as long as it's in the right column of the Proposal board.) |
No change in consensus, so accepted. 🎉 |
I think we got the
I believe we're likely to want to allow configuring the session ticket in other ways than setting the early_data extension. To allow for future expansion,
I've got ideas about what additional fields we might want to put in there, but that's a separate proposal and doesn't need to happen for Go 1.21. For now, I'd just like to keep our options open. |
I agree. Using a config struct seems like an easy way to make this API more future proof. |
Change https://go.dev/cl/514997 mentions this issue: |
Change https://go.dev/cl/514999 mentions this issue: |
Do these two CLs solve (close) the issue? If this is truly a release-blocker for 1.21, it needs to be taken care of soon. I can help with the process parts of kicking it along (release rotation this week) but might not be qualified for a technical review. |
https://go.dev/cl/514997 is the proposed API change. If we accept it, then we'll also need a backport to 1.21. I'm not sure what the right path is for tweaks to accepted API proposals like this; I think the change is uncontroversial, but perhaps the proposal committee should give it a thumbs up. |
Given that @neild, @marten-seemann, and @FiloSottile all seem to be in favor of this tiny API change and are also the complete set of people who could possibly be affected, this sounds good. Tiny change approved. |
To allow for future evolution of the API, make QUICConn.SendSessionTicket take a QUICSessionTicketOptions rather than a single bool. For #60107 Change-Id: I798fd0feec5c7581e3c3574e2de99611c81df47f Reviewed-on: https://go-review.googlesource.com/c/go/+/514997 Reviewed-by: Roland Shoemaker <[email protected]> Run-TryBot: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Marten Seemann <[email protected]>
Change https://go.dev/cl/515335 mentions this issue: |
The crypto/tls QUIC session ticket API may change prior to the go1.21 release (see golang/go#60107). Drop session tickets entirely for now. We can revisit this when adding 0-RTT support later, which will also need to interact with session tickets. For golang/go#58547 Change-Id: Ib24c456508e39ed11fa284ca3832ba61dc5121f3 Reviewed-on: https://go-review.googlesource.com/c/net/+/514999 Run-TryBot: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
…an options struct To allow for future evolution of the API, make QUICConn.SendSessionTicket take a QUICSessionTicketOptions rather than a single bool. For #60107 Change-Id: I798fd0feec5c7581e3c3574e2de99611c81df47f Reviewed-on: https://go-review.googlesource.com/c/go/+/514997 Reviewed-by: Roland Shoemaker <[email protected]> Run-TryBot: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Marten Seemann <[email protected]> (cherry picked from commit a915b99) Reviewed-on: https://go-review.googlesource.com/c/go/+/515335 Auto-Submit: Damien Neil <[email protected]>
Change https://go.dev/cl/549196 mentions this issue: |
This was implemented in Go 1.21. Change-Id: Ic434670938589f10f367b1f893c4427e6f0b991c Reviewed-on: https://go-review.googlesource.com/c/go/+/549196 Auto-Submit: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Mauri de Souza Meneguzzo <[email protected]>
This was implemented in Go 1.21. Change-Id: Ic434670938589f10f367b1f893c4427e6f0b991c Reviewed-on: https://go-review.googlesource.com/c/go/+/549196 Auto-Submit: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Mauri de Souza Meneguzzo <[email protected]>
This proposal adds a couple features on top of #60105 and #44886 to let QUIC stacks implement 0-RTT. It does NOT add 0-RTT support for TLS connections. The hard part of supporting 0-RTT in TLS is figuring out a safe application API which doesn't break the
net.Conn
contract. A QUIC stack has a easier to adapt interface with its applications.The flow on the server side is:
SendSessionTicket
withearlyData
set to true, and gets back aQUICWriteData
event to send a fresh session ticket with the early_data extension. During this call, theConfig.WrapSession
callback is called and allows the QUIC stack to store parameters inSessionState.Extra
.Config.UnwrapSession
. The state hasSessionState.EarlyData
set to true, if the server wants to reject early data it sets it to false before returning it.HandleData
returns aQUICSetReadSecret
with levelQUICEncryptionLevelEarly
beforeQUICEncryptionLevelHandshake
. If the former is not returned before the latter, early data was rejected.The flow on the client side is:
ClientSessionCache.Put
gets called.ClientSessionState.ResumptionSession
returns aSessionState
withEarlyData
set to true if the server enabled early data support.ClientSessionCache.Get
returns that session for a later connection duringStart
. If the client doesn't want to request early data, it can setSessionState.EarlyData
to false.Start
returns aQUICSetWriteSecret
withQUICEncryptionLevelEarly
if the session is good and early data was be offered. The client can start sending early data.HandleData
returns aQUICRejectedEarlyData
event beforeQUICEncryptionLevelApplication
keys are returned. If the former is not returned before the latter, the early data was accepted.This was designed with @marten-seemann and if I'm not mistaken along with #60105 and #44886 it should allow quic-go to drop its crypto/tls fork ✨
/cc @golang/security @golang/proposal-review
The text was updated successfully, but these errors were encountered: