IETF Logo Mail Archive

Re: [quicwg/base-drafts] Resume HTTP/2 TLS from QUIC ? (#941)

Martin Thomson <notifications@github.com> Fri, 15 December 2017 23:57 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE5B71241FC for <quic-issues@ietfa.amsl.com>; Fri, 15 Dec 2017 15:57:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5a6KVblKmKI8 for <quic-issues@ietfa.amsl.com>; Fri, 15 Dec 2017 15:57:18 -0800 (PST)
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2-ext7.iad.github.net [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B801A1201FA for <quic-issues@ietf.org>; Fri, 15 Dec 2017 15:57:18 -0800 (PST)
Date: Fri, 15 Dec 2017 15:57:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1513382238; bh=ILbB1EjRKe194ERBClnCuVeqsZbYSAgb0GG/2lGHtMo=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BfYP6ipq0RNRyP5r+AElAb9PW3Dt9OJAiBAPDzYgqQfTJDavRhsFibA3ATWMX56vt PhzLgFBQ8EucesqH7XLykpUYDYxq1GBOjydVk6I2JW09BAxIrtKwyKzS1ScaMlRvoT Akf0kpxg9yaRQ45LvB2VAtKQiO4bLxhBl1Mvq40Q=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab29d67acdf47808042b20eb16b35caf2126ba9f9c92cf00000001164c235d92a169ce105fcf55@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/941/352140849@github.com>
In-Reply-To: <quicwg/base-drafts/issues/941@github.com>
References: <quicwg/base-drafts/issues/941@github.com>
Subject: Re: [quicwg/base-drafts] Resume HTTP/2 TLS from QUIC ? (#941)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a34615de69b0_1f7e3ffd938ccf2811932e"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/5PiwRl5helcQ-q8OkIUCL1BxcuI>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Dec 2017 23:57:21 -0000

I realize that I was the one to be persuaded that this cross-protocol resumption is a good idea, but I've since concluded that unless we revise ALPN, this is unwise.

This is not a problem at all if you intend to do simple resumption without 0-RTT, but it gets complicated thereafter.

The way that TLS works assumes that the ALPN value is remembered by the server (note that remembering often means embedding it in the ticket, that detail doesn't matter here).  It uses this remembered value to decide what protocol the client is speaking.  If it accepts 0-RTT, it assumes that the protocol hasn't change.  The server also can't change the protocol if it accepts 0-RTT.

We created an equivalency between h2/TLS and hq/QUIC in the quic-tls draft.  That seems like a great idea until you consider the potential for a similar equivalency between h2 and hqv2 (or whatever we call the next version).  A client that makes a QUIC connection and resumes from h2 might advertise [hq, hqv2] in its handshake, and the server has to assume that the packets are hq.  In other words, the equivalency is 1-1.  That limits our ability to deploy new protocol versions.

The same considerations apply in the reverse direction.

I think that we should drop this feature and instead develop a new document that describes two things: 

* explicit advertisement of support for different protocols for 0-RTT.  That might use ALPN in the NewSessionTicket message, or a new extension.
* a means of the client signaling which of the selected protocols it is using for early data.  This might be as simple as saying that the first entry in ALPN is what is in use, or it could use a new extension.

That sort of design has the virtue of restricting the resumption to TLS 1.3 or higher as well.  (BTW, I thought that we had a hard rule about keeping the version the same for resumption.)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/941#issuecomment-352140849

v2.23.0 | Report a Bug | By Email