On 9/25/2018 12:15 PM, Tony Finch wrote:

> For DNS-over-QUIC I think that could drop to 2RTT, or maybe 1RTT? I don't
> know QUIC's handshake.
>
> The warm start time should soon be 0RTT.

The basic QUIC handshake will be 1-RTT before sending the first query,
with two exceptions:

1) The server may require a token exchange (similar to SYN cookies or
DNS cookies) to protect against DoS attacks, in which case the handshake
will take 2 RTT.

2) If the client has established a connection previously and obtained a
"resume token", it could use 0-RTT, and send the first query immediately
after the initial QUIC packet -- in fact in the same UDP packet as the
initial QUIC packet.

Using 0-RTT is a trade-off between security and performance, because
0-RTT packets can be subject to replay attacks. That's true for 0-RTT in
QUIC and also 0-RTT in TLS. If you are really concerned about privacy,
the prudent decision is to not use 0-RTT.

I ran a number of simulations comparing DNS over QUIC to DNS over UDP or
TCP, considering QUIC with and without 0RTT. The high level summary is
that for traffic from client to recursive, there is very little difference:

* TCP and QUIC-1RTT suffer a 1RTT penalty when a new connection is
required, but observations of traffic show that this is a relatively
rare event between client and recursive.
* TCP and QUIC benefit from better re-transmission handling than UDP;
they can use "dup ACK" or "selective ACK" processing, when UDP has to
rely on timers only.
* When re-transmissions are necessary, TCP suffers from "head of line
blocking". UDP and QUIC do not.
* QUIC and TCP can carry long messages. UDP has to rely on the TC
bit and TCP fallback.

I did not model TLS. My assumption is that TLS will be mostly equivalent
to TCP, but requires an extra round trip to set up the connection unless
you can use TCP fast open.

The high level summary is that if there is some truncation and fallback
happening, UDP performs less well than either TCP or QUIC. If 0-RTT is
enabled, QUIC performs better than either UDP or TCP in all scenarios;
if it is not, QUIC still performs slightly better than TCP or TLS,
because it does not suffer from head of line blocking.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
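
A toy latency model of the comparison in the message above, added here as an illustration and not Huitema's simulation code. It assumes one RTT per exchange, a 3-RTT UDP retransmission timer, a QUIC resume token whenever 0-RTT is used, and a constructed stub-to-recursive workload in which new connections are rare; the scenario flags and the per-transport costs are assumptions chosen to mirror the four bullet points.

```python
# Toy latency model of DNS over UDP, TCP, TLS, QUIC-1RTT and QUIC-0RTT.
# Added illustration, not Huitema's simulation code; every parameter value
# below is an assumption chosen for the example. All times are in RTT units.
from dataclasses import dataclass
from statistics import mean

UDP_TIMEOUT = 3.0  # assumed UDP retransmission timer: no ACKs to detect loss sooner

@dataclass(frozen=True)
class Scenario:
    new_connection: bool = False  # a transport connection must be set up first
    lost: bool = False            # the packet carrying this query's answer is lost
    earlier_loss: bool = False    # a packet for another query on the same connection was lost
    truncated: bool = False       # answer exceeds the UDP size limit (TC bit set)
    server_token: bool = False    # QUIC server demands a token exchange (DoS protection)

def query_time(transport: str, s: Scenario) -> float:
    """Time from sending the query until the complete answer arrives, in RTTs."""
    if transport == "udp":
        t = 1.0
        if s.lost:
            t += UDP_TIMEOUT        # only a timer can detect the loss
        if s.truncated:
            t += 2.0                # TC bit: open a TCP connection (1) and re-ask (1)
        return t
    setup = 0.0
    if transport in ("tcp", "tls", "quic-1rtt") and s.new_connection:
        setup = 1.0
        if transport == "tls":
            setup += 1.0            # TLS handshake on top of TCP, no fast open
        if transport == "quic-1rtt" and s.server_token:
            setup += 1.0            # token round trip before the real handshake
    # quic-0rtt: resume token assumed, so the query rides in the first packet
    t = setup + 1.0
    if s.lost:
        t += 1.0                    # dup ACK / SACK recovers in about one RTT
    if s.earlier_loss and transport in ("tcp", "tls"):
        t += 1.0                    # head-of-line blocking: in-order delivery stalls
    return t

def mean_time(transport: str, scenarios) -> float:
    return mean(query_time(transport, s) for s in scenarios)

# Constructed workload: stub-to-recursive traffic where new connections are rare
WORKLOAD = [Scenario()] * 6 + [Scenario(lost=True), Scenario(earlier_loss=True),
                               Scenario(truncated=True), Scenario(new_connection=True)]

if __name__ == "__main__":
    for tr in ("udp", "tcp", "tls", "quic-1rtt", "quic-0rtt"):
        print(f"{tr:10s} {mean_time(tr, WORKLOAD):.2f} RTT")
```

On this workload the ordering comes out as the message states: QUIC-0RTT fastest, QUIC-1RTT slightly ahead of TCP because it avoids head-of-line blocking, and UDP last once truncation and timer-based retransmission are counted.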