IETF Logo Mail Archive

Re: Fwd: New Version Notification for draft-duke-httpbis-quic-version-alt-svc-00.txt

Martin Thomson <mt@lowentropy.net> Thu, 10 March 2022 05:02 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 073C23A09E3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 9 Mar 2022 21:02:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.76
X-Spam-Level:
X-Spam-Status: No, score=-2.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=qB8X2J3o; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SVfETgtQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lP-CiJoL5jed for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 9 Mar 2022 21:02:02 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69C293A0A01 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 9 Mar 2022 21:02:01 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nSAto-0002lx-8C for ietf-http-wg-dist@listhub.w3.org; Thu, 10 Mar 2022 04:59:40 +0000
Resent-Date: Thu, 10 Mar 2022 04:59:40 +0000
Resent-Message-Id: <E1nSAto-0002lx-8C@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1nSAtm-0002ky-55 for ietf-http-wg@listhub.w3.org; Thu, 10 Mar 2022 04:59:38 +0000
Received: from out2-smtp.messagingengine.com ([66.111.4.26]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1nSAtk-0000t4-4x for ietf-http-wg@w3.org; Thu, 10 Mar 2022 04:59:38 +0000
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 4C56A5C028E for <ietf-http-wg@w3.org>; Wed, 9 Mar 2022 23:59:24 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute2.internal (MEProxy); Wed, 09 Mar 2022 23:59:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; bh=swIaL0tZas9baDuS9vLn+B2khB4IO2rNjnmZw1 7OPPs=; b=qB8X2J3od5roRatRVvjE5+mYrkFNBllOchPDquBcbKmHzO70RZVARR MczffxfKdAmOLv2H35BCGF3p4s2nSyZDD56ymLPmQLoM+IYc47mwQjnQ+qHHRKzU 54aF6acXJoy2xrC+sqvaun7hIj/ntL8vU99cEvM8uEsMlMGtolr/gnB+bmsAC8YC Zfw5MG851cYD5d3C/jasU8YXVV4XJSGJut00Rpa0Jlun+NSxhZfiU4t1Q7tTQtzR ivPnvcsJzBtJLW9caoqr8gseasLAVRauK9sP0pIh8NQLlm8NXkMtxHsQL8bZV9o/ m1dWNh9DkAmTxW5Ec0t4AZ989xSJZ9Ow==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=swIaL0tZas9baDuS9 vLn+B2khB4IO2rNjnmZw17OPPs=; b=SVfETgtQqW2rlzrF2z5ftszHUsRIvAEIW pogILxvroQJpf2QXBHaFjJTpONv2yk+6llFiFcdbp2NcgzjAzbHGTq2mcSTNJdje FlH8wDfM0MPMLnd+dXKV4lGGRN9UTgkyTwGjRejAm9D6kRi7/hZir+01tpLBbB9J iMJ58SMUbKl+tYMvV/hKuj11q9KH/WpAEnqiVIeM9sGxi9rbZz1AMJmNhpN49laD RJgJrlDEvfTs7hQSJ9Up3Dn3lC1vIlXwQb5gLB7G7GP51Gahoq9eP+awnDu1+2fH mr0wP+PHTKSR8X4wvJ/COYfWvG7+gQb1+zYJQEh0yVqE69ctYDY5Q==
X-ME-Sender: <xms:rIUpYk00l1Tfaub-cm_idzSFFmz0jU7UmCkRpylDyBxIKEO2WFgTUg> <xme:rIUpYvGOUCIwRXC7gCQnOU1ditMHMybquDFTBJ02iD6xFzBOjOzhCZt1XuLRA85sn NdYJ_zxhC7v8BoWvrw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudduledgjeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeekteeuieektdekleefke evhfekffevvdevgfekgfeluefgvdejjeegffeigedtjeenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:rIUpYs66RbgYWAFKw1pcpf-D8A2G7-DCqNHj8zyMF7vDpaaOf6yZRA> <xmx:rIUpYt0JUTo0UMn8nDITlZ30KYJln0hU4OEonQI94JEVuMhqCSjLKw> <xmx:rIUpYnGFXZ2d8J8xyNpj0xtM8zMxh58_jatr8Y4axVymLvbItfgUSA> <xmx:rIUpYrT7ar-fBhaFjolIvokuanCa8wEXuchzQRFNmHpOVIsC--ZMtQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 170C23C04A3; Wed, 9 Mar 2022 23:59:24 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-Id: <753038c1-b746-4899-9257-5f8f845e468d@beta.fastmail.com>
In-Reply-To: <CAJ_4DfQwJy7htpGjz8-YL_Xwi_JG7nykUrCaqG9rN4OUXM2grg@mail.gmail.com>
References: <164642784186.28316.13591675645652624288@ietfa.amsl.com> <CALGR9oauYKBC4P4u_g+j_tYmaO6e8zTk4CAAyPaTxdWxsa+WfQ@mail.gmail.com> <571555f7-bfb4-4da1-8e3a-2242ed0fcc8d@beta.fastmail.com> <CAJ_4DfQwJy7htpGjz8-YL_Xwi_JG7nykUrCaqG9rN4OUXM2grg@mail.gmail.com>
Date: Thu, 10 Mar 2022 15:59:06 +1100
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Content-Type: text/plain
Received-SPF: pass client-ip=66.111.4.26; envelope-from=mt@lowentropy.net; helo=out2-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=lowentropy.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1nSAtk-0000t4-4x 12f1d1c8241118921f40a89dbcc5ece7
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Fwd: New Version Notification for draft-duke-httpbis-quic-version-alt-svc-00.txt
Archived-At: <https://www.w3.org/mid/753038c1-b746-4899-9257-5f8f845e468d@beta.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39888
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Mar 10, 2022, at 10:46, Ryan Hamilton wrote:
> I don't think this is the case in Chrome. 

Ah, you whacky kids.  

> But maybe this was not the situation you were thinking of?

Indeed not.

In a world where we have HTTPS records, I think that the need for Alt-Svc goes back to its original intent: to manage how clients connect to servers.  It seems like Chrome has decided that this usage is not interesting to it, a view to which you are entitled, but it means even less interest in fixing Alt-Svc for this particular problem.

That doesn't mean that the problem is uninteresting.  It just moves the problem to HTTPS records.  When an HTTPS RR says "h3", it would be really nice if you could connect to the server without an extra round trip.  For that, there are several approaches we might consider.


A: Tight coupling

If the one ALPN always identifies the QUIC version implicitly, then things are fairly simple.  This is awkward because QUIC v2 requires a new ALPN for every protocol defined for QUIC v1.  Practically speaking, this would ensure that QUIC v2 is less practical to deploy, so I'd prefer not to go here.


B: Baseline version

If the ALPN identifies a baseline QUIC version and there is always a compatible** version upgrade from that QUIC version to a newer one, then you have to retain some support** for the baseline QUIC version in perpetuity, but you don't pay a performance cost.

This only works to the extent that the client and server both agree that the new QUIC version can be used with the new QUIC version.  Ben suggested that new QUIC versions enumerate the protocols that can be used, which seems awkward, but it might work (with the caveat that only important protocols get the treatment, which might not create good dynamics).

Here, by "compatible**", I mean that the versions support compatible version upgrade as the QUIC version negotiation draft defines it, PLUS the new QUIC version supports all the features in the baseline QUIC version provides the application protocol.

Here, by some "support**" it might be possible to only retain enough support for the old QUIC version to perform a compatible version upgrade to the new one.  


C: Optimism

If the ALPN label and QUIC version are just independent and the two could be incompatible, then clients need to guess what is going to work and potentially suffer a round trip if they guess wrong.

This might sound crazy or haphazard, but I'm not sure that it is.  This is exactly the thinking that TLS uses with key shares.  Clients guess what to attempt and there is a process that takes an extra round trip for when they guess wrong (HelloRetryRequest).  In practice, that mechanism is basically never used because everyone guesses X25519 and that guess is overwhelmingly correct.

The effect of this is that we don't have to specify anything really.  Let's say we do a QUIC v3 in a few years with some substantive changes.  That is either compatible** with QUICv2 or not.  

If QUIC v3 is compatible** with QUIC v1, then we can start deploying and using it easily.  Clients will probably stick to QUIC v1 most of the time, but they will get QUIC v3 pretty often.  At some point, when the usage of QUIC v3 is high enough, clients might choose to start with that and risk a version negotiation exchange if they guess wrong.  That might take a while, but at that point you can start to decommission QUIC v1.

In the meantime, servers can make a call about how much QUIC v1 they support.  They could effectively disable QUIC v1 and only allow compatible upgrades once all the clients they care about support QUIC v3.  We've seen that with older TLS versions; even though clients couldn't cut TLS 1.0 support, some servers removed support a long time back.

If QUIC v3 isn't compatible from a QUIC VN perspective, then clients won't get QUIC v3 unless they start there.  And there is a cost to guessing wrong.  That will probably dampen deployment prospects for QUIC v3, so I'm not sure that I see this as a likely outcome.  It might work if you follow the asynchronous connection Alt-Svc paradigm, but we've established now that not everyone does that, so the marginal utility is probably questionable.

If QUIC v3 starts out incompatible, but later develops QUIC VN compatibility through an update, then it's somewhere between being compatible** and incompatible: clients still risk an extra round trip by attempting QUIC v3, but they won't always have to worry about paying that cost.  This too seems like a poor option; it's probably unlikely to happen.

Note that if QUIC v3 isn't compatible from a feature-parity perspective, then it won't be running HTTP/3, so this option isn't relevant.  That's option A, which means a new HTTP version and ALPN label.


D: Extra signaling

This is where this draft is headed.  I wasn't previously opposed to the idea, but I'm much less sanguine about it after having written this all up. In particular, it's hard to see an outcome where you can become reliant on the signaling: HTTPS RRs are an essentially untrusted medium.  While Alt-Svc might be trustworthy, both mean that you have a tighter requirement for coordination between server instances (across CDNs even).  It complicates processing and logic (a little).  


Overall, I think that optimism is a reasonable strategy, at least for now.  We don't have to solve every problem with a specification; the sort of loose coordination necessary to ensure that there is something clients can use without extra round trips is totally achievable.  So I can't see much upside in doing extra signaling when doing nothing might just work out.

v2.23.0 | Report a Bug | By Email