IETF Logo Mail Archive

Re: QUIC ossification

David Schinazi <dschinazi.ietf@gmail.com> Wed, 13 February 2019 00:13 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57D2C1228B7 for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 16:13:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ETIh-IREG89 for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 16:13:20 -0800 (PST)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD8321200D8 for <quic@ietf.org>; Tue, 12 Feb 2019 16:13:20 -0800 (PST)
Received: by mail-pg1-x533.google.com with SMTP id i130so265768pgd.1 for <quic@ietf.org>; Tue, 12 Feb 2019 16:13:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SKvlQa3pCgUbuBt/vOBfHLbwvp89honkwGTiO/RZSGI=; b=AJLM5Nxh/Ehg5a73+tMzgXu6QPGjot5X65ekwPS1bbGqCEhJi6yB3ZtfJbneMCNiB/ AkWf/9P8El40LAXNBn368OiApTkOc71jTEM9BQVgl/aWufko5F/3+ecoypSdPm+JsOo3 4AWsDeinDEGUE7Iy5qZV8Xf2I6503bz4pvQiOYfM1FMd6yt6fTSCQns4SQ1weBtaXPvs rDt2k158i7ntPgrGSdK8oyb8w8vmCdhUmlS8lsGvVTOUy43vmqazTq7US2qV3/Rgv1cW bzVns9/1pNXAwWbbv7Beg2C+0TOqJ7Hoih4aPeTy+8+6Xxm1iSYZUzj75gYtsnseOEvs 8ZCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SKvlQa3pCgUbuBt/vOBfHLbwvp89honkwGTiO/RZSGI=; b=uZfBXXt3iU8KfFfgJ11c82Mvkt4oSYBZaiGilfiolRnw4k7JQeG8Mbav3fPDUqBhMm V+8a0+PfgnAQeHiQVCb0MnVinkluVOKkHe8g6uD0KJQ/TmMfBXqiKapmBKgUVdDt/WqT 3c8MHq/7O3rR06H5+Fsih8f0T6cC8yxOpdknNyxD1VfCnc2Sn1bQbfpfIfK6d1Ps2AD9 yarcfx+pehHNfvNzhGv9m1ulnlH8t1IKF6r+p8nKkojo/mc9owCkquJBz2iokYdbaUAU k7g9WOZ/8DZXUze6SVx8aRJdN0Secozya+f1aIYGRdcAAYVZpHVA5AtjuwWibJncNCmN rwHQ==
X-Gm-Message-State: AHQUAuY+24cwU4IiTJpDkTZDsZ9ypsJazcA/wlM00/IORFaIRm9X+OrI NlOnnrYMfHlr9IBhyzidh0e5PS8fv0Umd7dvz0RDBEcU
X-Google-Smtp-Source: AHgI3IbjIjHO+6nssdNH7wLB9yKQWDN+v7Gmns1BQ7PDuhjV2uqM788bFAqaSiNojhRl/v2wEMaqYf+o3wl5kmeTBT0=
X-Received: by 2002:a63:1ce:: with SMTP id 197mr6063959pgb.47.1550016800103; Tue, 12 Feb 2019 16:13:20 -0800 (PST)
MIME-Version: 1.0
References: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com> <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com> <9425344B-D72F-474D-A549-AA2453E57F19@fb.com>
In-Reply-To: <9425344B-D72F-474D-A549-AA2453E57F19@fb.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 12 Feb 2019 16:13:08 -0800
Message-ID: <CAPDSy+5LikoojquLhaW58DbJ3VrGXUViaD0aHcTkxBJGzFjgQA@mail.gmail.com>
Subject: Re: QUIC ossification
To: Roberto Peon <fenix@fb.com>
Cc: Martin Thomson <mt@lowentropy.net>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c4219f0581bb6849"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/2dbMCxRHY7Y_hUCVDoFCEeh1YQ4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 00:13:22 -0000

I think we may be able to limit ossification of version numbers by adding
some GREASE to the (upcoming) in-band compatible version upgrade extension
(what used to be EKR's PR). The idea of that extension is that the client
sends a QUICv1 initial containing a transport parameter indicating it
supports this extension and what versions of QUIC it supports. The server
can then send its replies with a new QUIC version number. Back to GREASE:
one option here would be for us to burn some versions for "v1 compatible
version negotiation greasing" (similar but different to 0x?a?a?a?a) and
servers can in-band upgrade to those versions. But we could also do that in
the reverse direction: the servers advertise support for one of these in
Alt-Svc and clients send their Initial to that version, and the server can
then perform in-band version change to v1, to another of these versions, or
just keep the client's version for the life of this connection. This will
cause ossifying middleboxes to break these connections.

Thoughts?

David

On Tue, Feb 12, 2019 at 2:15 PM Roberto Peon <fenix@fb.com> wrote:

> My fear/experience around this is why I'd strongly recommend doing a QUIC
> V2 as soon as possible where the delta from V1 -> V2 is limited to *solely*
> what is necessary for version negotiation.
>
> We can simultaneously have a V3 conversation which would  include whatever
> else we decide we need to change/add as a separate conversation which
> depends on V2.
>
> -=R
>
> On 2/12/19, 1:36 PM, "QUIC on behalf of Martin Thomson" <
> quic-bounces@ietf.org on behalf of mt@lowentropy.net> wrote:
>
>     On Wed, Feb 13, 2019, at 08:18, Martin Duke wrote:
>     > 1) Version. I can't think of any immediate negative consequences for
> a
>     > middlebox that drops any long header with a version > 1. TLS 1.3 had
> to
>     > surrender to this problem by hiding the version elsewhere.
>     >
>     > We might avoid this by routinely coalescing long headers with random
>     > version fields to connection-critical packets. Beyond that, I'm out
> of
>     > great ideas. If we don't have a robust defense against this, we
> ought to
>     > put some thought into how to deploy a v2 if the version fields is
>     > inoperable.
>
>     As Mike points out, the Length field is version-specific, so there is
> no real defense here other than - as many have suggested - using the
> version field actively.  That means shipping another version.  In a sense,
> the fact that Google are still not on the same version gives us some time,
> but it could mean that we might want to look toward having the "add version
> negotiation and fallback protection" draft define a version rather than an
> extension.
>
>     > 2) Client Transport Parameters. Initial Keys will help a little bit,
> but in
>     > TLS1.3 CCS still sorta exists because middleboxes are inspecting
> packets so
>     > deeply. It's not viable for v2 to have the same transport
> parameters; it's
>     > only slightly less gross to send v2 client TPs in some later message
> and
>     > have to send a fairly bulky "fake" set of v1 TPs in the client hello
> to get
>     > through the network.
>
>     I'm not concerned about transport parameters if the above issue is
> fixed.  TLS had no real issues with extensions, and it looks like we
> already have the start of a pipeline of extensions coming.  v2 can share
> the transport parameter extension, unless we decide to change the format in
> a non-compatible way.
>
>     (Note: CCS in TLS 1.3 only exists because middleboxes were inspecting
> a lot, yes, but it also indicates that they weren't inspecting enough,
> because the compatibility hack we have wouldn't work if they did a proper
> job.)
>
>
>
>

v2.23.0 | Report a Bug | By Email