RE: QUIC Version Negotiation Extension

Mike Bishop <> Wed, 06 November 2019 18:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C763C12018D for <>; Wed, 6 Nov 2019 10:29:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4uS8olHUtDY0 for <>; Wed, 6 Nov 2019 10:29:35 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 68A3A120901 for <>; Wed, 6 Nov 2019 10:29:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=M6gSmUwCMYhfnH3LArBLH7SAQsRK5ltbAXIoFYNKY7lwxtfHv68/zAHrgwFuTfrV/sV949LYMFF6RE+ndA7L98elnYUBKBZSy7JqtCZJdB4DB/PAgZLgmMcOqlLx6Vgd+AWCZg3DjW0LE5tWEa3806gXDvw9viHcY/Wu1nJqbG609IsnjDMFjSptvOkMRdVjFRlDWqkzRBdsexeEcHYDLVkF+2RBozegHojcFVifpoqEaNV3IbvANkAhJwPUX3rL4hl/UW51a5Vy9U+uB6uRbJr+fI6lWZ1LO3R9jrRinjURB/EOxqrh8DnF0sJJqRHuU445fRvNC6uq9u7bPfK7VQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eYRYwqk1rPVCu8QpEvkG34x2xVcEOI7TCh1LTL8jWCE=; b=HlyJya5xgSYBKV3Sg939JIGdyuZX3jeSbTD4sHE9l0uxhckJ4XZhlV6gjRU/urba+pQzAx03+LGeiBFTcPcI4c+u9YxsZI1oN6eQS1XTUfW/v6AkgR/uAd1Yh+0BiurlcM8DmaODpNUF7Qdc+sJsny6kf8ShawD4aJ7ir7y0bdrK11Tm1t/Vb4pwsjvbblXdGjjtSPDoxJ57vAJ0x6Jg4GsW/I7hcAoulphHa8DAQDdNgIk8Bumynt7UExcAjUIcSUCcTnb4CpXseY1A/tpOAOxcpEV4PMS6uxoWhXhkIfzBk9WPbvMi2VWXLfmUnI3Kz9pouRLAzzv8AfO6J8tZjA==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eYRYwqk1rPVCu8QpEvkG34x2xVcEOI7TCh1LTL8jWCE=; b=gx914GMk/gm8cCL1tJYNAbBOMwdXR2HNmVNZTuYQipOmq4r8RA78fJEpD8ftCiYG4NLTQgDmHblu81YA3GofQSkepGdFX/pvKn4T1lyLm9iYo7r7pgAZjzLgzwl94S6C3Y5tTwlwG7dl/8eAjIfk0+iW4dzzAASw4+pssaS5Hl8=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Wed, 6 Nov 2019 18:29:32 +0000
Received: from ([fe80::7cb4:5e4e:334c:a737]) by ([fe80::7cb4:5e4e:334c:a737%7]) with mapi id 15.20.2408.024; Wed, 6 Nov 2019 18:29:31 +0000
From: Mike Bishop <>
To: David Schinazi <>, QUIC <>
Subject: RE: QUIC Version Negotiation Extension
Thread-Topic: QUIC Version Negotiation Extension
Thread-Index: AQHVk06pHyyhhmroy0SVmtb9ABkIw6d+UXLg
Date: Wed, 6 Nov 2019 18:29:31 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: [2600:2b00:931f:a301:90ae:6813:89d6:cddc]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: db01aff8-6505-4d38-ce98-08d762e74434
x-ms-traffictypediagnostic: BN6PR2201MB1377:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02135EB356
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(366004)(396003)(39830400003)(136003)(376002)(346002)(53754006)(199004)(189003)(76176011)(7696005)(236005)(186003)(790700001)(46003)(2906002)(6116002)(7736002)(606006)(86362001)(74316002)(486006)(81166006)(8676002)(3480700005)(81156014)(476003)(99286004)(6246003)(5660300002)(33656002)(52536014)(25786009)(66476007)(55016002)(508600001)(64756008)(66556008)(66446008)(110136005)(9686003)(256004)(6306002)(54896002)(6506007)(102836004)(446003)(53546011)(11346002)(229853002)(8936002)(316002)(71200400001)(71190400001)(66946007)(76116006)(14454004)(6436002)(966005)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR2201MB1377;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: R7Z5C0K5NpEMf5T9Gq5XXm/OUsMZOwZdJK5kBGnq2gKGnyfH08xX726Hw8rOxH9/JZ90XGeg3YX0RrnyioW0kRpBwBAwqu8k49Do3fAOqe3l5lBpiYp5XnO8ByVDWfpH7Ua6zMrUPMpmt3rpjXHxorcY2Qoydu5L7nBkdWUxYJj9LFr+V3JzWTvstmlPKbiJdK7Qi1CkqWeLVpBn4QrGWUz+ptMEPGBFpvjs+S5oNSMDhzFtA4qcmL4KeErIKQ1E+4mZzFMP4OWrehXEB1AcSTyk/WFR3q1f+vBSQNv/+PXaaDnejKag7ymLv2HaVf6vBPy8IIZTipPGGASq7QzXfMwA/QxPfG8dLH+0c1F7Mnc9NIa9yLqc3Y7AGn/wcoSY8hgmaYVMNCbTjT2ApUbFmQEyCzKfisib2NBkeuyuSdGpols+y9E9kchA3f1rCkWhBV/kg0OAV7wsrshzmp78fbtcRxUCeX8FmlirCMx8KEI=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN6PR2201MB1700BB1DAD2872A2FA50059FDA790BN6PR2201MB1700_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: db01aff8-6505-4d38-ce98-08d762e74434
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2019 18:29:31.4874 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ruPzDzuqtyQiRNA19o1+P2XXv92jfoNIU665TylpKFSTtVdgHFcyo2OIkPg7CTr/i1LlJUeY6r3so2OaquRexw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2201MB1377
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Nov 2019 18:29:39 -0000

Some notes:

  *   Section 3:  “Version negotiation takes place after the retry cycle is over.”  This is only possible for compatible versions; if the server does not support the version the client attempted, it obviously cannot send a Retry packet in that version, because Retry packets are version-specific.
  *   Section 3:  “Servers must retain the ability to process the Initial packet from older versions….”  No, it means that if the server wants to avoid a VN packet, it needs to be able to process the Initial packet from the version the client tried.
  *   Section 4:  Rather than putting a count-prefixed list of versions, perhaps consider just embedding the VN packet payload?  It’s equivalent, but easier to explain.
  *   Section 7:  Clearly it is possible to possible to add new frame types to Initial packets in a future version, I think what you mean to say is that this is a change that would break compatibility between versions.

As a general statement on the document, you assume throughout that all versions have packet types, contain packet types called Initial and Retry, and that Initial packets contain frames.  The odds of those things being true across QUIC versions is likely high, but they’re not invariants, so you can’t assume them here.  You need to state general principles, and then use concepts from QUICv1 as examples of the principle.

For example, rather than discussing version compatibility in terms of Initial packets, you might want to say that versions A and B are “compatible” if the first flight of packets sent by the client in version A carries enough information for the server to generate the corresponding flight in version B, the server speaks version B, and is able to parse at least the first flight of version A.

Also not discussed is the case where the server speaks version(s) which are compatible with what the client offered, but doesn’t speak the version the client offered, even enough to generate the response.  With the right definition of “compatible,” this just falls into the “incompatible” path and works for the server, but you need to call out the fact that the client shouldn’t consider it an error if the server uses the incompatible path between versions that the client thinks are compatible.

From: QUIC <>; On Behalf Of David Schinazi
Sent: Monday, November 4, 2019 3:30 PM
To: QUIC <>;
Subject: QUIC Version Negotiation Extension

Hi everyone,

From the recent discussion on multiple PRs, it appears that there might be a need for downgrade-safe QUIC version negotiation, earlier than we expected.

EKR and I updated our extension to hopefully suit these needs:

Comments welcome here or on the GitHub (link in draft).