Re: [Last-Call] Opsdir last call review of draft-ietf-quic-version-negotiation-10

David Schinazi <> Fri, 30 September 2022 22:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 23694C14CF0C; Fri, 30 Sep 2022 15:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CCh8Ngt7suel; Fri, 30 Sep 2022 15:37:14 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 62486C14CEFC; Fri, 30 Sep 2022 15:37:11 -0700 (PDT)
Received: by with SMTP id e22so2262978uar.5; Fri, 30 Sep 2022 15:37:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=7OHQHxlxYK2K6uvS5ag4q3mqA6kUY5QqF2kJCoMTZds=; b=KIJblWKaLomhr1oH81/5lzKnYwd69oKHgWnk4IcWt1cWVGL3RFYk9YsVrgsBfhMH66 y00EvpG0XpAjiWM3IjfYIvKmxKZ5DKX5eKWbZvbNArtIYm5Vx4Jd50UxVlDQbkAgfso0 Xs/oiSizP3FX9EdyPwzCUca/pO3isLxX7EXOfmjP8qO/+hZGBOJwBp7z61bdDaZNd/kX aZ9LgHVQ7cxiCZOSDdj1S0Zsz+5rCCGUwdPCHkC6aq4gDwe11CvxXS8+EkW9BoPvnYDA q5CHEyqJPc8Fn123a7AuZAzNIyM/qDogjEfmWCXbh4FyOh3wE2YsTPJ7qwSv/wBhXK9p jALQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=7OHQHxlxYK2K6uvS5ag4q3mqA6kUY5QqF2kJCoMTZds=; b=RfuNwgj9Geju8Aof2W6LeOWpstfGtJf//5gVG4bYP9YohBqgnoPEwNiboxmCnXsfTY 7QjI4z8gwqvIgPHizG9SXJsYNaxH72Xf21ksVLImj/UKuoyBSlmEpZqF/aDME6kD7YQN MJU2OGCby0FCEj0Gvw0FbL3B6i0ICKacyjpZxKdQa9VI5tfQCxRU/mJtturpTmfFqC7c uw+Rrl7vh4tSueornKrjYQI+yV02FuvUxj5Js+0bCCrrRtUj+UC90XUxgVVGAiAWakv+ ZC6YKb5TofzBGsUTmdC9mlm+elKcpd7VoPfVpH+K/OZGC+XMAUdQ7jRU9vbiUlpoOfiU 89vQ==
X-Gm-Message-State: ACrzQf3D07IogPBM9xMjHi4DkW+AmMIArkTYftohkiOBo4ng6HT7RBLR u0UeTuOLhbyvxOt/YqbxFBRaISVJNIcw4kTda5V+GrUBous=
X-Google-Smtp-Source: AMsMyM538A6eLuHkGAstxKFmz8GO3a8mctNGEttisVPGkAIQrwUjikAuT6E7JoF9TNRULtQfFIE6SDCNPVKFpt4tycs=
X-Received: by 2002:ab0:4a5e:0:b0:3ba:2511:933f with SMTP id r30-20020ab04a5e000000b003ba2511933fmr6052388uae.67.1664577430288; Fri, 30 Sep 2022 15:37:10 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: David Schinazi <>
Date: Fri, 30 Sep 2022 15:36:59 -0700
Message-ID: <>
To: Qin Wu <>
Content-Type: multipart/alternative; boundary="0000000000006f081205e9eca280"
Archived-At: <>
Subject: Re: [Last-Call] Opsdir last call review of draft-ietf-quic-version-negotiation-10
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Sep 2022 22:37:16 -0000

Hi Qin, thank you for your comments, responses inline.

Note to other WG members: PR 127 is completely editorial but 128 does add
some RFC 2119 language that was previously implicit, please double-check my


On Fri, Sep 30, 2022 at 5:48 AM Qin Wu via Datatracker <>

> Minor Issues:

1. Section 4 introduce verson downgrade term [Qin]What the version
> downgrade is? I
> feel confused, does it mean when I currently use new version, I should not
> fall
> back to the old version? Can you explain how version downgrade is different
> from version incompatible? It will be great to give a definition of version
> downgrade in the first place or provide an example to explain it?

It's a pretty common term of art in versioned protocols but I've defined it
in Section 4.

> 2. Section 9
> said: " The requirement that versions not be assumed compatible mitigates
> the
> possibility of cross-protocol attacks, but more analysis is still needed
> here."
> [Qin] It looks this paragraph is incomplete, what else analysis should we
> provide to make this paragraph complete?

The paragraph is complete. It acknowledges the potential for cross-protocol
and encourages more research in this area.

> 3. Section 10 [Qin]: I am not clear
> why not request permanent allocation of a codepoint in the 0-63 range
> directly
> in this document. In my understanding, provisional codepoint can be
> requested
> without any dependent document? e.g., Each vendor can request IANA for
> Vendor
> specific range. Secondly, if replacing provisional codepoint with permanent
> allocation, requires make bis for this document, I don't think it is
> reasonable.

The IANA section means that when the IESG approves the document, we will
modify the document to select a permanent 0-63 codepoint before or during
AUTH48. There will be no need for a bis document.

> Nits:

1. Section 2 said: " For instance, if the client initiates a
> connection with version A and the server starts incompatible version
> negotiation and the client then initiates a new connection with .... "
> [Qin]Can
> the client starts incompatible version negotiation? if not, I think we
> should
> call this out, e.g., using RFC2119 language.

Good catch, this was an implicit assumption. I made it explicit with 2119

> 2. Section 2, last paragraph [Qin]
> This paragraph is a little bit vague to me, how do we define not fully
> support?
> e.g., the server can interpret version A, B,C, but the server only fully
> implements version A,B, regarding version C, the server can read this
> version,
> but can not use this version, in other words, it is partially implemented,
> is
> my understanding correct?

Your understanding is correct. Do you have suggestions for better wording?

> 3.Section 2.1 the new term "offered version" [Qin]
> Can you add one definition of offered versions in section 1.2, terminology
> section? To be honest, I still not clear how offered version is different
> from
> negotiated version? Also I suggest to add definitions of accepted version,
> deployed version as well in section 1.2? Too many terminologies, hard to
> track
> them in the first place.

Those terms are introduced with a reference to Section 5 that very clearly
defines them. Duplicating those definitions in Section 1.2 would make the
document less clear in my opinion.

> 4. Section 6 said: " it is possible for some
> application layer protocols to not be able to run over some of the offered
> compatible versions. " [Qin]I believe compatible versions is not
> pertaining to
> any application layer protocol, if yes,
>  s/compatible versions/compatible QUIC versions

Compatible versions are defined as referring to QUIC versions. My apologies
but I think the existing text is clearer.

5.Section 7.1 said:
> "For example, that could be accomplished by having the server send a Retry
> packet in the original
>  version first thereby validating the client's IP address before"
> [Qin] Is Version first Version 1? If the answer is yes, please be
> consistent
> and keep using
>  either of them instead of inter-exchange to use them.
>  s/version first/version 1

You're misunderstanding this sentence, I've moved the word first to avoid
the confusion: