Version Ossification: Intended Scope for QUICv1
David Schinazi <dschinazi.ietf@gmail.com> Thu, 31 October 2019 21:13 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8CA5120090 for <quic@ietfa.amsl.com>; Thu, 31 Oct 2019 14:13:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FEtFNzQpp3Qx for <quic@ietfa.amsl.com>; Thu, 31 Oct 2019 14:12:59 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BFDB12081B for <quic@ietf.org>; Thu, 31 Oct 2019 14:12:59 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id q64so8097417ljb.12 for <quic@ietf.org>; Thu, 31 Oct 2019 14:12:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=vDDJTVyrM43qYQyvU1BiMOJbJM3rxCznBN4y3dqzSWU=; b=I6nDlrh1iBI669ojSVm+BFvW/UYtRxt5ug67ju2bwEC6mGROtIA0SuBu5CCpJ75Dj4 VdzwAMWN2r2uY6lAZ5M641gNiQxl4gEFsUjYOmfE0rAGvw/nZHK/eGsfIsEJwIsJObfL E0sxH0vs0wtVa/ZnBR9XsXTA/BDCfGg22lZuuVw4tKtPariWTfvrUfDhgI5LUrZD4WvX WA04m++BbOrs662F/+HHhIPPwfKwGWkUcmPSNw6wp8DbYfDESG0dTqtSrLiEc21xUscH 7/8mTZVgN1APr2F1PiADnDuoIrI4iyeCURelEepknd5kmkdYP566kh3x1Ga9ssbzjeXt 5JZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vDDJTVyrM43qYQyvU1BiMOJbJM3rxCznBN4y3dqzSWU=; b=g5vOl9lqMR8Frq2uZ8xsPJI2m/9wvqROWLefMjCRN5wPbxAlh50B41SpwsmdxRBxzr 7vd4fuSf9Vvqya3/wr9O3qfD03/Fi2MBd1S4QhDNTXNSa9yK5Kh5/X05PTnM2Ej1T0Wz mvNwS9qDrnszGhPgp3fJsdWKiTN9auiQQ5zXihXR86toGANKgYgELrbEEjmY+FjTv4Mg 4MzuyhHRooNiQW+x+v68gHW02rzRUCtMFCwQJcSCd7gSf/Pp5UVRCQwV9C4dafrKTMrf haJUlS+L8iqN1d9xmNxhv1NwC0iTTp3vkFmAzoKHfj7x7QnySdhinzZmAJ7wPRInBsYh Emeg==
X-Gm-Message-State: APjAAAUp0n+q7dac+mpJDgUDugAc2Wr0v1sPqIWkoLE4oh1cHJiMA17s YNUVRDRr9e8/2H8Woib08/o3sd02fPAvjXbxxfZoxuvy
X-Google-Smtp-Source: APXvYqwrAE3WMEBrjerln7dGAWTTLcLW4IZduju855+mC5gA8643pgFhBJtCGl/dj4T0MmGlF8aFm5asUfxcXkjOo8g=
X-Received: by 2002:a2e:b0d9:: with SMTP id g25mr1666642ljl.176.1572556377111; Thu, 31 Oct 2019 14:12:57 -0700 (PDT)
MIME-Version: 1.0
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 31 Oct 2019 14:12:46 -0700
Message-ID: <CAPDSy+6E79OySoOLbJ8eWp0J-+3yeB5iGvj6sW19bEDn_V7-NA@mail.gmail.com>
Subject: Version Ossification: Intended Scope for QUICv1
To: QUIC <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f3fa005963b502e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/4g4JeLA-kUEohZphCoIyS9ZoebA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 21:13:02 -0000
Hi folks, The conversation around version ossification has been really interesting since Cupertino. But at least for me it's reached a level of complexity that warrants taking a step back and looking at what we're trying to solve. Here's my understanding of where we are: 1) In Cupertino there was consensus in the room to do something to mitigate ossification of QUICv1. 2) The solution that folks liked was to have a concept of alternative versions and alternative salts that act like QUICv1 but are encoded differently over the wire. 3) A concrete proposal for (2) was for servers to have their own set of (alternative_version, alternative_salt) pairs, then transmit a random pair from that set to each client (i.e. via transport parameters). The server can then reconstruct the alternative_salt just by seeing the alternative_version. 4) Kazuho proposed a solution (#3166 <https://github.com/quicwg/base-drafts/pull/3166>) that was both more powerful and more complex: tie the (alternative_version, alternative_salt) pair to NEW_TOKEN frames, to allow servers to generate a unique alternative_salt per client and encode it in the token. 5) After some interesting back and forth on that PR, it became clear that this is a hard problem to solve: this could cause failures if servers forget their token keys, and mitigations for that problem can become downgrade attack vectors 6) While there was clear WG appetite for (1), I'm not sure we have consensus to build a more powerful solution like (4) I fear that solving (5) could take some time, which would delay QUICv1. Instead I'd like to propose the following plan: a) we take the simpler solution (3) and add that to the spec b) we take the more powerful/complex solution (5) a turn it into a QUIC extension That would allow us to ship QUICv1 with some level of ossification mitigations without delay. Thoughts? David
- Version Ossification: Intended Scope for QUICv1 David Schinazi
- Re: Version Ossification: Intended Scope for QUIC… Kazuho Oku
- RE: Version Ossification: Intended Scope for QUIC… Mike Bishop
- Re: Version Ossification: Intended Scope for QUIC… Martin Thomson
- Re: Version Ossification: Intended Scope for QUIC… Jana Iyengar
- Re: Version Ossification: Intended Scope for QUIC… Martin Thomson
- Re: Version Ossification: Intended Scope for QUIC… Jana Iyengar
- Re: Version Ossification: Intended Scope for QUIC… Mikkel Fahnøe Jørgensen
- RE: Version Ossification: Intended Scope for QUIC… Lubashev, Igor
- Re: Version Ossification: Intended Scope for QUIC… Eric Rescorla
- Re: Version Ossification: Intended Scope for QUIC… Christian Huitema
- Re: Version Ossification: Intended Scope for QUIC… Ian Swett
- Re: Version Ossification: Intended Scope for QUIC… Roberto Peon
- Re: Version Ossification: Intended Scope for QUIC… Marten Seemann
- Re: Version Ossification: Intended Scope for QUIC… Eric Rescorla
- Re: Version Ossification: Intended Scope for QUIC… Martin Thomson
- Re: Version Ossification: Intended Scope for QUIC… Ian Swett