Re: Proposal: Run QUIC over DTLS

Christian Huitema <huitema@huitema.net> Tue, 06 March 2018 15:45 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2899127076 for <quic@ietfa.amsl.com>; Tue, 6 Mar 2018 07:45:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FO6KvYXHmhYz for <quic@ietfa.amsl.com>; Tue, 6 Mar 2018 07:45:50 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D6B3124E15 for <quic@ietf.org>; Tue, 6 Mar 2018 07:45:50 -0800 (PST)
Received: from xsmtp03.mail2web.com ([168.144.250.223]) by mx62.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1etEmh-0006oI-OM for quic@ietf.org; Tue, 06 Mar 2018 16:45:48 +0100
Received: from [10.5.2.12] (helo=xmail02.myhosting.com) by xsmtp03.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1etEmf-0007u7-0N for quic@ietf.org; Tue, 06 Mar 2018 10:45:45 -0500
Received: (qmail 26988 invoked from network); 6 Mar 2018 15:45:43 -0000
Received: from unknown (HELO [192.168.1.101]) (Authenticated-user:_huitema@huitema.net@[172.56.42.195]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 6 Mar 2018 15:45:43 -0000
To: quic@ietf.org
References: <CABcZeBO9g5vnPK2aGYEUOYOkT-898Gc0-d4T=kDvxuE2Yg6kMQ@mail.gmail.com> <CANatvzyevZrZciO3fTWFspp9utjKv9Z+PQ5F=yHKNBabssEsNw@mail.gmail.com> <MWHPR15MB182183BE8E6E0C3A97795315B6D90@MWHPR15MB1821.namprd15.prod.outlook.com> <CANatvzzARjNdr6Rms0r0yVn41JwtU6p9uNueq_ZROVzU19-1+A@mail.gmail.com> <b32d00a03ca148eca5a16e572d1030a0@usma1ex-dag1mb5.msg.corp.akamai.com> <CABcZeBMyKY8d3OUwF11NqYvgNswD7F1S8R7rXrKYXTaNPTkOxw@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <87ab419b-f9c1-fedd-db65-c2f38462bb0b@huitema.net>
Date: Tue, 06 Mar 2018 07:45:41 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBMyKY8d3OUwF11NqYvgNswD7F1S8R7rXrKYXTaNPTkOxw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Subject: Re: Proposal: Run QUIC over DTLS
X-Originating-IP: 168.144.250.223
X-AntiSpamCloud-Domain: xsmtpout.mail2web.com
X-AntiSpamCloud-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-AntiSpamCloud-Outgoing-Class: unsure
X-AntiSpamCloud-Outgoing-Evidence: Combined (0.64)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5gSsJveXuhhfM1B3D+qviRp602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiViAu/0gNOhruMw7W8q8BYwwM7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pBCnY1T4UEFfy74vbELeG6IB/TBCf6oYXAWGet lavcAjD9ytQxIHf9lN5jjLJaPK8lRJSPf/SXbEnDSsal/zZzc4n9VZdr7RAFD5mRwooUYhwMPaBP aKeQW+/QlaOdv8isl/qMm08Zpim2AHUKEWvQ6G/bWfgucjnNmABpGhD9TTttrFCuZ0NkwnSz2Luu o1u9uevuNfM1HjkNEFwape+IgNezYqxGMqsKjARq8PBC4qjSYb8Ll5Ew7esaVIVXxqL4mdySlZou 9qHIGOZDEEo7Oyc1nq0gsY582CWqKjiRB3upW940lL8kAcN44/h+EKQY5T+fsIz86TG72Lx5ZI1p INh8UHPssUrY3MbbkBcNcJMxSD+JrJzB/ISPedeb5WKXwjbG0YP/5jdIxfHUqmYjeBpBOi7IfT+J o+6tsQI5W/ewkYi/XXej6UeAUN96sXI71lsFqhWb3P21BZ9jlHPbPFwq1OWq5AgT2u0X1EqIKkuY N2TKwXSs5yzvA+Jj8cparOr3e9uZYNezbxzCM5Ox61Tp2gXSVLKddY+PiDzhx2dc9aUV1oY4fX3W 5eOCNA395VKQZZ28EUZBFBO/fNvHx3CWeDma04jVK+GALZ9kurnuymSkQySlRRw9754xJI2lUW/F XbMuS2WlB161/YGFavTgs5pdKJpNpy9rpzw+UwWR2z7Rjs3BT1o4+6YSC6IfVgW9/bktU41htiJ8 fk7NkCSgONC3rqaXJrYXVXXByjf4baeCkx0hN8MDgAhE+CBnCUTZMc2PfI2VFTu1YYhfjg==
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/5flvdC1e_XPvkje3xc7uB3e5IpE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Mar 2018 15:45:52 -0000


On 3/6/2018 7:12 AM, Eric Rescorla wrote:
> FWIW it is possible to move the style of version negotiation from my
> draft directly into the current draft if we so wanted. It's just that
> it's necessary if QUIC is at the bottom of the stack and so is a nice
> extra win.
>
> Specifically, we would have the version in the long header In Initial
> refer not to the QUIC version we want to negotiate but rather to the
> version whose obfuscation method we are using (probably the client's
> minimum). The CH would then have an extension which contained the QUIC
> versions we support (as in TLS.supported_versions) and then the SH
> would contain both selected versions. We could have the remaining
> obfuscated long header packets could use *either* obfuscation version.
> The encrypted long header packets would of course use the negotiated
> versions.
>
> A few notes:
>
> - The CH always comes in one packet so that you don't have to worry
> about it being immediately available to the server
> - The SH may be broken up but as noted above, the obfuscation version
> isn't part of the negotiation.
>
> As with my draft, this would give you 1-RTT negotiation if the client
> obfuscated with a version the server knew and 2-RTT if the client
> obfuscated with a version the server didn't know, as opposed to always
> having 2-RTT
>
> If people think they like this idea, I'd be happy to write it up a
> separate PR.
>
Seems like a good idea, yes. Waiting to see the PR!

-- Christian Huitema