Re: Proposal Towards Universal HTTP/3, with a polyfill of QUIC for TCP (Fwd: New Version Notification for draft-kazuho-httpbis-http3-on-streams-00.txt)
Dmitry Adamushka <dmitry@twingate.com> Thu, 22 February 2024 15:42 UTC
Return-Path: <dmitry@twingate.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3BEC15152E for <quic@ietfa.amsl.com>; Thu, 22 Feb 2024 07:42:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DC_PNG_UNO_LARGO=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=twingate.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evNYWAdXgHKl for <quic@ietfa.amsl.com>; Thu, 22 Feb 2024 07:42:07 -0800 (PST)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7815DC14CE36 for <quic@ietf.org>; Thu, 22 Feb 2024 07:42:07 -0800 (PST)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-564a53b8133so5285282a12.0 for <quic@ietf.org>; Thu, 22 Feb 2024 07:42:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=twingate.com; s=google; t=1708616526; x=1709221326; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=a5KDsr/KhHSPrJBnl3jURvAdQOs04SsABDDzcZ26YQw=; b=kgKrzKmee/v5uoz7agjPBIkty9LiYs1K/ca/U2+euUMDMT1VgvWVOr/kbwfjnK3N/b 8kgevnYsCr3apBqQHrTOYkbtFxNbQOTWdpSMlFJxknFgXoKSogVUyqK7Lj5GZ+Sh0Y2e I4bpSOOOZoNAnWZSk7qPuuY7AzF32z1RL181w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708616526; x=1709221326; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=a5KDsr/KhHSPrJBnl3jURvAdQOs04SsABDDzcZ26YQw=; b=ryhIK72Ts6hQm8sj+7i4ej33lNuAhmhN930IW8Z9Azr6crqxqzQq1zU5zvCzrWSb3b cByK2OXxCGjZ978ryBibIDpfaVp9SssU8zICsxpbZp7+ppi5IvcrIyZE6lmiJTN0+w5a s5zLDAepxu7nTqdGWQEsSzlL8oEnvois47sv1m26EmFAdIzZ7j89ns+7ZNzbVe3BtPC8 OCZxeg0S7Rw9iRTxcE5fiFo7ta7jlX9DORmCWd2b3xAaCs/GKBcgbNRzGzm+FNE2e3oM 3C7GdAFUqlelbraKVg3e3mG5j6cBnjqtUl2pVZvP4GR9uwngoQW0e4Zf4SQ0M3sla1ua SJUA==
X-Gm-Message-State: AOJu0YyA+jlBs/rnyTHKYXmAlvoSTgmYu/9uDpNRoQT5BSmC3MaWalcs /XdSg5pEg0U4C4B6HcLyJId6G+P+HO4zGlFktwAQbQN7iJpiC/LNMphOlb4+MtmCpjXHi+Cehh9 t3DnU2Nq0xesyX06OBgPUtlszzxi9nhzwe1DAWA==
X-Google-Smtp-Source: AGHT+IE2CimluOrT2/m1P4d4xSxNsE7WV99wXxpepaoGWVP3on7BoSyBwqXOcPFB1VhPmmzk6MDdT0mK2Zncb0RFoB0=
X-Received: by 2002:aa7:d508:0:b0:564:5407:ce22 with SMTP id y8-20020aa7d508000000b005645407ce22mr8408166edq.21.1708616525419; Thu, 22 Feb 2024 07:42:05 -0800 (PST)
MIME-Version: 1.0
References: <170807134367.25372.9131938145722079298@ietfa.amsl.com> <CANatvzyLJnZH9UHaSoMWbv20VhEtAzY7HqRHCSWt-O65f24uwQ@mail.gmail.com> <CAFyC=UcyG1OGprsTWvkEBK-tf-Oqs=HPmxZs8X42XR+yfgfv0w@mail.gmail.com> <CANatvzx-YSouO5aA0T4RXjXm9aTWGGf1HUut39an+2HAYTY_kA@mail.gmail.com>
In-Reply-To: <CANatvzx-YSouO5aA0T4RXjXm9aTWGGf1HUut39an+2HAYTY_kA@mail.gmail.com>
From: Dmitry Adamushka <dmitry@twingate.com>
Date: Thu, 22 Feb 2024 16:41:53 +0100
Message-ID: <CAFyC=UeQ73EiLpP44AN0RqTf91VH3+ULr_df8y3A7s36POy9cA@mail.gmail.com>
Subject: Re: Proposal Towards Universal HTTP/3, with a polyfill of QUIC for TCP (Fwd: New Version Notification for draft-kazuho-httpbis-http3-on-streams-00.txt)
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/related; boundary="0000000000000e59620611fa49a9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/1-PqQKVfk-oQD9-0igR2hXFnobI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2024 15:43:41 -0000
Hi Kazuho, > I am interested in what constraints this use-case introduces to QUIC on > Streams. Am I correct to understand that your interest in forwarding the > stream-related frames of QUIC (and possibly also DATAGRAM frames) through > multiple hops, with each hop being either QUIC v1 (UDP) or QUIC on Streams > (TCP)? > Yes, but there is more to it. And as you suggested, I'm also sharing our use cases with the mailing list. If nothing else, maybe some people will find them interesting or entertaining. In principle, it looks like QUIC on Streams takes just the streams/multiplexing part of QUIC and runs it on TCP/TLS-like transports. Our use case seems to require 'QUIC on Streams' + 'QUIC v1 crypto'. I wonder whether it is so extremely unusual or not. Let me elaborate. QUIC on Streams is designed to work on top of transports that provide the 4 capabilities listed in 3.1. <https://datatracker.ietf.org/doc/html/draft-kazuho-quic-quic-on-streams#section-3.1>Properties of Underlying Transpor <https://datatracker.ietf.org/doc/html/draft-kazuho-quic-quic-on-streams#name-properties-of-underlying-tr> t. For QUIC v1, the underlying transport is plain UDP, which doesn't provide any of these 4 capabilities. Thus, it's either all four or none, which prompts the question: are there any useful transports* that possess only a subset of these capabilities? We want end-to-end Client<->Connector QUIC connections (which represent secure tunnels) between Clients and Connectors. The streams of these QUIC connections carry the payload of the user's TCP (transparently terminated by our proxy on the Client side) or UDP flows. Both Clients and Connectors are transport-layer proxies. [image: design2(5).png] Path 3 is the classical QUIC v1. Path 4 is addressed by QUIC on Streams. Paths 1 and 2 consist of multiple transports, each possessing all four capabilities. However, as a whole, these paths lack 'Confidentiality and Integrity' because of the presence of Relay. For Paths 1 and 2, we would need something like 'QUIC on Streams' + 'QUIC v1 crypto'. It would need to start with a TLS handshake similar to regular QUIC v1. Then, its behavior might resemble QUIC on Streams, but with QUIC frames likely embedded into QUIC packets -- providing cryptographic functions but no reliable delivery, congestion control, or other QUIC v1 services. There is another possibility for using Path 2 with QUIC v1. Path 2 is special because it can either possess three capabilities (in-order-delivery, reliable-delivery, congestion-control) or only (congestion-control*) when QUIC DATAGRAMs are used for tunneling. On one hand, if we intend to tunnel QUIC packets through this path, congestion control may be redundant here (which is anyway the case with some QUIC implementations). On the other hand, it might be preferable to keep congestion control enabled on these two connections but disable it on the end-to-end QUIC connection. Now, another outrageous question: Would it be useful to have Multipath QUIC running simultaneously on top of UDP and TCP/TLS at least? The ideal case for us is to have a single QUIC connection (secure tunnel) working on top of all these paths above. One of the user use cases is to allow uninterrupted migration of user flows, say, SSH sessions, between network paths. For example, an SSH session starts through a Relay (Path 1 or 2) and later switches to a peer-to-peer path (Path 3) once it becomes available. Kind regards, Dmitry
- Proposal Towards Universal HTTP/3, with a polyfil… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Hugo Landau
- Re: Proposal Towards Universal HTTP/3, with a pol… Willy Tarreau
- Re: Proposal Towards Universal HTTP/3, with a pol… Poul-Henning Kamp
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Behcet Sarikaya
- Re: Proposal Towards Universal HTTP/3, with a pol… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Stefan Eissing
- Re: Proposal Towards Universal HTTP/3, with a pol… Victor Vasiliev
- Re: Proposal Towards Universal HTTP/3, with a pol… Watson Ladd
- Re: Proposal Towards Universal HTTP/3, with a pol… Christian Huitema
- Re: Proposal Towards Universal HTTP/3, with a pol… Willy Tarreau
- Re: Proposal Towards Universal HTTP/3, with a pol… Paul Vixie
- Re: Proposal Towards Universal HTTP/3, with a pol… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Michael Welzl
- Re: Proposal Towards Universal HTTP/3, with a pol… Hugo Landau
- Re: QUIC on streams compared to Minion (was Re: P… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Matt Mathis
- QUIC on streams compared to Minion (was Re: Propo… Lucas Pardue
- Re: QUIC on streams compared to Minion (was Re: P… Michael Welzl
- Re: QUIC on streams compared to Minion (was Re: P… Michael Tuexen
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Florentin Rochet
- Re: Proposal Towards Universal HTTP/3, with a pol… Dmitry Adamushka
- Re: Proposal Towards Universal HTTP/3, with a pol… Roberto Peon
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Roberto Peon
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Kazuho Oku
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue
- Re: Proposal Towards Universal HTTP/3, with a pol… Lucas Pardue