IETF Logo Mail Archive

Re: Version negotiation: the bare minimum?

David Schinazi <dschinazi.ietf@gmail.com> Wed, 17 March 2021 00:42 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E3AA3A1543 for <quic@ietfa.amsl.com>; Tue, 16 Mar 2021 17:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybEMyQ6Air2z for <quic@ietfa.amsl.com>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89E0A3A1545 for <quic@ietf.org>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
Received: by mail-pg1-x52c.google.com with SMTP id w34so22691957pga.8 for <quic@ietf.org>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z5sCTqejASLQtNwX1aKxRa8aQdL8GnWAEDyBG+e4Os0=; b=LlSnh8imuARoY9TTPnJOeUhZGUxnL3TXIGXkuXLon/Yu2NeUyY9LJXK3T2IzU+QG8v oUrg7jA9T3dnM3GpCnZzu3Xstw+284JMKZODfbksosLgdLi5LgDP5B9e+47me3baXZH0 zCOjFcPuD/38mXDj7PRF6a0oBVa2hFA/TP8BwtoWBiFh5MjqdRsKCtOs1tS1HYksZmav lwx6dtN1y6cWvIisriLbuJn0hWN1yS+oA/TfyBDq6Dsmqx0u4+GliwDuRpbdXT/ivMmn 2GoOoFr1G3EHEfE7JMJ3/Yn3XE59SND6EpIUrBa8uGbrVDGCjjtYha91vhhO6UBwUdcl acOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z5sCTqejASLQtNwX1aKxRa8aQdL8GnWAEDyBG+e4Os0=; b=NAv7TTSirb8uJOd2KBgWK9YtFIEAwFFL118V9+j03ts3x1qobZJDgkWQPE4n8N7Ds1 Lkx9BqOgl6A/3swtzA2zRYEWJ7fBPqYZxmxtrhUkIIr0uHRkmICyuwn1Xv+dnQ9BRnXV 05v2A8NHkXPxMkQlS3bzJfcOoLYehDNpkp5ZWt2Me7Ru3FvJmY+qqoQsvtb0+6RuSOCZ 0UQSbX2Ee8Am48sZyh8yOBOoSNg3FDDH5sQj9Ug8GMABkX1Y8a/2wwRJTY4ajb/u837A coXHB2/B/g8p1WC0MgEw3YBNuOFvWFk24TLBtULVgm3uv/WuOl2/zFSDZo+xRW3DB27u 0ypA==
X-Gm-Message-State: AOAM531SrVopG7bwU1G6wS/3/6x7xUZ4hlx757QNhslmNFYnqOrRFow1 KrwAfVe7Vx1tH5b43cB90I9fxx9Lk7c47vrWp/4=
X-Google-Smtp-Source: ABdhPJy/HD+WBTn+C0yJ7ZMjgZ3P/EZQA77MZgi4+SkoJRgQ1GjBc+ijYRs+unOQyE3l84yEIljnuO0h0igTRKz/fCA=
X-Received: by 2002:a62:1492:0:b029:202:ec35:a893 with SMTP id 140-20020a6214920000b0290202ec35a893mr1889891pfu.22.1615941727089; Tue, 16 Mar 2021 17:42:07 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cm-vWCZEeA+kh-BUF0M0ZhM_ev6R-9DYZgWQCA-byHofQ@mail.gmail.com> <CAPDSy+4QLJnE8njgsP33GQLnwtNH1v6ACbWTfOXhe00jXdwCbw@mail.gmail.com> <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net>
In-Reply-To: <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 16 Mar 2021 17:41:56 -0700
Message-ID: <CAPDSy+6dH9iVeRxQeAkNqCQKLSP510L3Nm+ZwRYsmQKGaMVNGg@mail.gmail.com>
Subject: Re: Version negotiation: the bare minimum?
To: Christian Huitema <huitema@huitema.net>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009ef73805bdb0c006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/8hoS7c5u42NKh3ODIpbSfDOSznk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2021 00:42:10 -0000

Hi Christian,

It seems to me that you're describing what's in the VN draft today.
What am I missing?

David

On Mon, Mar 15, 2021 at 9:11 PM Christian Huitema <huitema@huitema.net>
wrote:

> I have been considering pretty much the same design as Watson. In the
> slide deck that you presented, this would be the "compatible" option.
> The client would select  version X in the QUIC header of the Initial
> packet, and format one or several TP stating:
>
> 1) Version in the QUIC header: X
>
> 2) Supported compatible versions: Y, Z, T, and maybe Grease. These must
> be "compatible" versions.
>
> The server will:
>
> 1) verify that the version in the QUIC header is indeed X. If it is not,
> close the connection with an error.
>
> 2) pick one of X, Y, Z or T as the selected version, say Y.
> (Questionable whether the version in the QUIC header should be set to X
> or Y.)
>
> 3) Set the TP stating something like "you proposed X and I selected Y"
>
> 4) Very optionally, mention in a TP that "this server also supports
> versions V, W." These might be "incompatible" versions.
>
> If none of X, Y, Z, T are supported, the server replies with a VN.
>
> On receiving the server TP, the client verifies that the server saw the
> intended version X, and chose one of the supported version. The client
> might remember additional version V and W for next time, but that's
> extra complexity.
>
> -- Christian Huitema
>
> On 3/15/2021 5:18 PM, David Schinazi wrote:
> > Hi Watson,
> >
> > Could you elaborate on your proposal? In particular:
> > How does the client transmit its supported versions?
> > What does "compatible" mean?
> > What does "the server selects" mean?
> > What does "the server proceeds" mean?
> >
> > Thanks,
> > David
> >
> > On Wed, Mar 10, 2021 at 1:55 PM Watson Ladd <watsonbladd@gmail.com>
> wrote:
> >
> >> Dear WG,
> >>
> >> I'd like to proffer the world's simplest version negotiation scheme,
> >> based on comments heard during the meeting today from a number of
> >> people.
> >>
> >> The following weak assumptions are made: the client has a set of
> >> versions. The server has a partial ordering on versions: this means
> >> that versions are not necessarily preferred over each other (consider
> >> experiments where we will do what the client offers first), but the
> >> relation is transitive. Then the server selection is a function of the
> >> client offered version and supported set.
> >>
> >> The client transmits its supported versions and a proffered hello
> >> version in the first packet. The server selects. If that selection is
> >> incompatible they try again with the new selected version transmitted
> >> in VN. If it is compatible, the server selects and proceeds.
> >>
> >> The constraint on the handshake is that the supported versions and
> >> offered version and server selection are incorporated on the handshake
> >> in such a way that a mismatch triggers failure, and no two different
> >> versions can derive the same keys. If we assume that e.g. SHA256 is
> >> unbroken this is easy to get.
> >>
> >> This only permits a downgrade to a version the server was willing to
> >> prefer.
> >>
> >> Sincerely,
> >> Watson Ladd
> >>
> >>
>
>

v2.23.0 | Report a Bug | By Email