Re: Version negotiation: the bare minimum?
David Schinazi <dschinazi.ietf@gmail.com> Wed, 17 March 2021 00:42 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E3AA3A1543 for <quic@ietfa.amsl.com>; Tue, 16 Mar 2021 17:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybEMyQ6Air2z for <quic@ietfa.amsl.com>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89E0A3A1545 for <quic@ietf.org>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
Received: by mail-pg1-x52c.google.com with SMTP id w34so22691957pga.8 for <quic@ietf.org>; Tue, 16 Mar 2021 17:42:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z5sCTqejASLQtNwX1aKxRa8aQdL8GnWAEDyBG+e4Os0=; b=LlSnh8imuARoY9TTPnJOeUhZGUxnL3TXIGXkuXLon/Yu2NeUyY9LJXK3T2IzU+QG8v oUrg7jA9T3dnM3GpCnZzu3Xstw+284JMKZODfbksosLgdLi5LgDP5B9e+47me3baXZH0 zCOjFcPuD/38mXDj7PRF6a0oBVa2hFA/TP8BwtoWBiFh5MjqdRsKCtOs1tS1HYksZmav lwx6dtN1y6cWvIisriLbuJn0hWN1yS+oA/TfyBDq6Dsmqx0u4+GliwDuRpbdXT/ivMmn 2GoOoFr1G3EHEfE7JMJ3/Yn3XE59SND6EpIUrBa8uGbrVDGCjjtYha91vhhO6UBwUdcl acOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z5sCTqejASLQtNwX1aKxRa8aQdL8GnWAEDyBG+e4Os0=; b=NAv7TTSirb8uJOd2KBgWK9YtFIEAwFFL118V9+j03ts3x1qobZJDgkWQPE4n8N7Ds1 Lkx9BqOgl6A/3swtzA2zRYEWJ7fBPqYZxmxtrhUkIIr0uHRkmICyuwn1Xv+dnQ9BRnXV 05v2A8NHkXPxMkQlS3bzJfcOoLYehDNpkp5ZWt2Me7Ru3FvJmY+qqoQsvtb0+6RuSOCZ 0UQSbX2Ee8Am48sZyh8yOBOoSNg3FDDH5sQj9Ug8GMABkX1Y8a/2wwRJTY4ajb/u837A coXHB2/B/g8p1WC0MgEw3YBNuOFvWFk24TLBtULVgm3uv/WuOl2/zFSDZo+xRW3DB27u 0ypA==
X-Gm-Message-State: AOAM531SrVopG7bwU1G6wS/3/6x7xUZ4hlx757QNhslmNFYnqOrRFow1 KrwAfVe7Vx1tH5b43cB90I9fxx9Lk7c47vrWp/4=
X-Google-Smtp-Source: ABdhPJy/HD+WBTn+C0yJ7ZMjgZ3P/EZQA77MZgi4+SkoJRgQ1GjBc+ijYRs+unOQyE3l84yEIljnuO0h0igTRKz/fCA=
X-Received: by 2002:a62:1492:0:b029:202:ec35:a893 with SMTP id 140-20020a6214920000b0290202ec35a893mr1889891pfu.22.1615941727089; Tue, 16 Mar 2021 17:42:07 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cm-vWCZEeA+kh-BUF0M0ZhM_ev6R-9DYZgWQCA-byHofQ@mail.gmail.com> <CAPDSy+4QLJnE8njgsP33GQLnwtNH1v6ACbWTfOXhe00jXdwCbw@mail.gmail.com> <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net>
In-Reply-To: <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 16 Mar 2021 17:41:56 -0700
Message-ID: <CAPDSy+6dH9iVeRxQeAkNqCQKLSP510L3Nm+ZwRYsmQKGaMVNGg@mail.gmail.com>
Subject: Re: Version negotiation: the bare minimum?
To: Christian Huitema <huitema@huitema.net>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009ef73805bdb0c006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/8hoS7c5u42NKh3ODIpbSfDOSznk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2021 00:42:10 -0000
Hi Christian, It seems to me that you're describing what's in the VN draft today. What am I missing? David On Mon, Mar 15, 2021 at 9:11 PM Christian Huitema <huitema@huitema.net> wrote: > I have been considering pretty much the same design as Watson. In the > slide deck that you presented, this would be the "compatible" option. > The client would select version X in the QUIC header of the Initial > packet, and format one or several TP stating: > > 1) Version in the QUIC header: X > > 2) Supported compatible versions: Y, Z, T, and maybe Grease. These must > be "compatible" versions. > > The server will: > > 1) verify that the version in the QUIC header is indeed X. If it is not, > close the connection with an error. > > 2) pick one of X, Y, Z or T as the selected version, say Y. > (Questionable whether the version in the QUIC header should be set to X > or Y.) > > 3) Set the TP stating something like "you proposed X and I selected Y" > > 4) Very optionally, mention in a TP that "this server also supports > versions V, W." These might be "incompatible" versions. > > If none of X, Y, Z, T are supported, the server replies with a VN. > > On receiving the server TP, the client verifies that the server saw the > intended version X, and chose one of the supported version. The client > might remember additional version V and W for next time, but that's > extra complexity. > > -- Christian Huitema > > On 3/15/2021 5:18 PM, David Schinazi wrote: > > Hi Watson, > > > > Could you elaborate on your proposal? In particular: > > How does the client transmit its supported versions? > > What does "compatible" mean? > > What does "the server selects" mean? > > What does "the server proceeds" mean? > > > > Thanks, > > David > > > > On Wed, Mar 10, 2021 at 1:55 PM Watson Ladd <watsonbladd@gmail.com> > wrote: > > > >> Dear WG, > >> > >> I'd like to proffer the world's simplest version negotiation scheme, > >> based on comments heard during the meeting today from a number of > >> people. > >> > >> The following weak assumptions are made: the client has a set of > >> versions. The server has a partial ordering on versions: this means > >> that versions are not necessarily preferred over each other (consider > >> experiments where we will do what the client offers first), but the > >> relation is transitive. Then the server selection is a function of the > >> client offered version and supported set. > >> > >> The client transmits its supported versions and a proffered hello > >> version in the first packet. The server selects. If that selection is > >> incompatible they try again with the new selected version transmitted > >> in VN. If it is compatible, the server selects and proceeds. > >> > >> The constraint on the handshake is that the supported versions and > >> offered version and server selection are incorporated on the handshake > >> in such a way that a mismatch triggers failure, and no two different > >> versions can derive the same keys. If we assume that e.g. SHA256 is > >> unbroken this is easy to get. > >> > >> This only permits a downgrade to a version the server was willing to > >> prefer. > >> > >> Sincerely, > >> Watson Ladd > >> > >> > >
- Version negotiation: the bare minimum? Watson Ladd
- Re: Version negotiation: the bare minimum? David Schinazi
- Re: Version negotiation: the bare minimum? Christian Huitema
- Re: Version negotiation: the bare minimum? David Schinazi
- Re: Version negotiation: the bare minimum? Lucas Pardue
- Re: Version negotiation: the bare minimum? Watson Ladd
- Re: Version negotiation: the bare minimum? Christian Huitema
- Re: Version negotiation: the bare minimum? David Schinazi
- Do we need compatible version negotiation at all?… Kazuho Oku
- Re: Do we need compatible version negotiation at … David Schinazi
- Re: Do we need compatible version negotiation at … Christian Huitema
- Re: Do we need compatible version negotiation at … David Schinazi
- Re: Do we need compatible version negotiation at … Kazuho Oku