Re: [TLS] Lost last DTLS Flight

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] Lost last DTLS Flight
From: Michael Tüxen <Michael.Tuexen at lurchi.franken.de>
Date: Mon, 27 Oct 2008 18:00:34 +0100
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20081027152419.7DA186E5086 at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <F94A1164-35FA-4A4A-8FE1-2EFB898FDC6D at fh-muenster.de> <20081027152419.7DA186E5086 at kilo.rtfm.com>
Sender: tls-bounces at ietf.org

On Oct 27, 2008, at 4:24 PM, Eric Rescorla wrote:

At Mon, 27 Oct 2008 12:07:59 +0100,
Robin Seggelmann wrote:


We're still working on DTLS for SCTP and stumbled over a problem with
the last flights specified in RFC 4347. The server receives flight 5
(Certificate, ..., ChangeCipherSpec, Finished) from the client,
changes its state to FINISHED and sends its ChangeCipherSpec and
Finished (Flight 6). What happens if this flight gets lost? The
server already is in the FINISHED state and as there also is no
acknowledgement, so it won't be retransmitted. Hence, the client
keeps waiting for the flight to arrive and the connection is most
likely to fail.


You're right, this is a bug in the state machine. Nice catch.

ISTM that the way this actually needs to work is that the server needs
to stay in WAITING until 2MSL has expired, in case it receives a
retransmitted Flight 5, in which case it retransmits Flight 6.

This means that the server will be in WAITING for approximately 30seconds.

What happens when the receives application data during that time?
What happens if he want to transmit application during that time?
for example after the renegotiation?

Best regards
Michael



That sound right?

-Ekr
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Lost last DTLS Flight
  - From: Eric Rescorla

References:
- [TLS] Lost last DTLS Flight
  - From: Robin Seggelmann
- Re: [TLS] Lost last DTLS Flight
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Lost last DTLS Flight
Next by Date: Re: [TLS] Lost last DTLS Flight
Previous by thread: Re: [TLS] Lost last DTLS Flight
Next by thread: Re: [TLS] Lost last DTLS Flight
Index(es):
- Date
- Thread

Re: [TLS] Lost last DTLS Flight

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.