Re: [quicwg/base-drafts] introduce a version alias mechanism (#2573)

"Philipp S. Tiesel" <> Tue, 09 April 2019 11:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D38721203BB for <>; Tue, 9 Apr 2019 04:10:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Ki5DQJBiYjOs for <>; Tue, 9 Apr 2019 04:10:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4A1BE1202DC for <>; Tue, 9 Apr 2019 04:10:05 -0700 (PDT)
Date: Tue, 09 Apr 2019 04:10:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1554808204; bh=X3XBA+/vQP7LHhulecevUxiGbdB+dx0xWwnUtRsih4A=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=J0P7ltoKURgy2MSLzworbzjZoJ0Mh5PqwHVbTtqnFek/WwDIrFLe3x5FgA5i9Ejdm einMNndvLTlEC7ajIPPtivo7YdDGVgdD5z/pXxGeRntskZRs1H58G/FwqeoI+xej1s UHtL0mq8G1CtrgP88D+o9bPolsdqRSGkIkojAy+s=
From: "Philipp S. Tiesel" <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2573/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] introduce a version alias mechanism (#2573)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cac7d8c52492_582c3fd147ad45b411001f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: philsbln
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 09 Apr 2019 11:10:08 -0000

philsbln commented on this pull request.

I just realised that requiring the server to announce (some of the) version aliases over the whole lifetime may give us downgrade protection for free. That also allows us to keep version alias and version downgrade protection separate.

> -
+## Version Aliases
+In order to avoid ossification of the version number defined by this draft,
+servers announce a list of version numbers that they interpret as an alias for
+the version number used in this draft. Alias versions MUST NOT be a reserved
+version. Servers SHOULD send at least one version alias, and SHOULD frequently
+change the value that they announce. Each version alias contains a lifetime,
+which indicates how long the server will accept this version alias. It also
+contains an initial salt, which is used instead of the initial salt as defined
+in section 5.2 of {{QUIC-TLS}}. The list of version aliases is sent in the
+server's Transport Parameters (see {{transport-parameter-definitions}}).
+Clients SHOULD remember the aliases and use it for subsequent connections to the
+same server in the future. This applies to both 0-RTT connection as well as
+connections that don't use 0-RTT.

We should add a note that Version Aliases must not be advertised during version negotiation

Version aliases MUST NOT be advertised in version negotiation Packets to avoid conflicts with future versions and experiments.

> @@ -4115,6 +4130,25 @@ preferred_address (0x000d):
 {: #fig-preferred-address title="Preferred Address format"}
+version_aliases (0x000e):
+: A list of version numbers that the server accepts as an alias for the
+  currently used versions. This transport parameter is only sent by the server.
+  Every version alias contains a lifetime in milliseconds. The alias is only valid
+  for that lifetime, clients MUST NOT use it after expiry.

Should we require the server to announce (some) of the version aliases during their whole lifetime to enable the client to detect downgrade attacks?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: