Re: [TLS] Lost last DTLS Flight
At Mon, 27 Oct 2008 18:00:34 +0100,
Michael Tüxen wrote:
>
> On Oct 27, 2008, at 4:24 PM, Eric Rescorla wrote:
>
> > At Mon, 27 Oct 2008 12:07:59 +0100,
> > Robin Seggelmann wrote:
> >>
> >> We're still working on DTLS for SCTP and stumbled over a problem with
> >> the last flights specified in RFC 4347. The server receives flight 5
> >> (Certificate, ..., ChangeCipherSpec, Finished) from the client,
> >> changes its state to FINISHED and sends its ChangeCipherSpec and
> >> Finished (Flight 6). What happens if this flight gets lost? The
> >> server already is in the FINISHED state and, as there also is no
> >> acknowledgement, it won't be retransmitted. Hence, the client
> >> keeps waiting for the flight to arrive and the connection is most
> >> likely to fail.
> >
> > You're right, this is a bug in the state machine. Nice catch.
> >
> > ISTM that the way this actually needs to work is that the server needs
> > to stay in WAITING until 2MSL has expired, in case it receives a
> > retransmitted Flight 5, in which case it retransmits Flight 6.
> This means that the server will be in WAITING for approximately 30
> seconds.
> What happens when he receives application data during that time?
> What happens if he wants to transmit application during that time?
> for example after the renegotiation?
There's no reason why it can't transmit or receive during this period,
though I agree we need to be sure the text says this.
-Ekr
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
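
The lost-Flight-6 case from this thread, as an added example that is not part of the original messages or of any DTLS implementation: a toy model of the server finishing the handshake, once going straight to FINISHED and once lingering in WAITING for 2MSL. The class and function names, the MSL value (picked so that 2MSL is the roughly 30 seconds mentioned above) and the client timer values are assumptions.

```python
from dataclasses import dataclass

MSL = 15.0  # assumption: chosen so 2*MSL is the "approximately 30 seconds" from the thread


@dataclass
class Server:
    linger: bool                 # False: go to FINISHED at once; True: stay in WAITING for 2MSL
    state: str = "WAITING"
    deadline: float = None
    flight6_sent: int = 0

    def tick(self, now):
        if self.state == "WAITING" and self.deadline is not None and now >= self.deadline:
            self.state = "FINISHED"

    def on_flight5(self, now):
        """Handle an original or retransmitted Flight 5; True if Flight 6 was (re)sent."""
        self.tick(now)
        if self.state == "FINISHED":
            return False         # nothing left to trigger a retransmit of Flight 6
        self.flight6_sent += 1
        if not self.linger:
            self.state = "FINISHED"
        elif self.deadline is None:
            self.deadline = now + 2 * MSL   # timer starts at the first Flight 6
        return True

    def may_carry_app_data(self):
        # Per the reply in the thread, lingering does not block application data.
        return self.flight6_sent > 0


def handshake(linger, flight6_losses=1, client_rto=1.0, client_tries=4):
    """Client sends Flight 5 and retransmits on timeout; first Flight 6 copies are lost."""
    server, now = Server(linger), 0.0
    for _ in range(client_tries):
        if server.on_flight5(now):
            if flight6_losses == 0:
                return True, server      # client received Flight 6
            flight6_losses -= 1
        now += client_rto
        client_rto *= 2                  # client timer backoff
    return False, server                 # client gave up: handshake failed
```

With one lost Flight 6, `handshake(False)` fails while `handshake(True)` completes on the client's first retransmission.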