Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
Eric Rescorla <ekr@rtfm.com> Tue, 01 October 2019 20:51 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70037120089 for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 13:51:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TQBbtMlQORBN for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 13:51:03 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED13F12006F for <quic@ietf.org>; Tue, 1 Oct 2019 13:51:02 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id t8so10935763lfc.13 for <quic@ietf.org>; Tue, 01 Oct 2019 13:51:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jHHFmeo/gqHAA9thnDWNZ5Oc7FmaUY6Re9k99cpH4d4=; b=JgJJ257LC6Au5TjkoPDOd4YjOnzXPbK6d5zA0ghMUXdEWGFmaHe/AutxZXEbsaFWVs 9GjgNwGJ3f1chtyjCmuvl1OJZpMQtX2aouEvUnmc2KQsryvThu1yniHKanndDzDS/KMo L2HVWNqwndQXvmCM7O6xS3UqwibxSds5prUzihYs7q1JL6kicYJ6BFVZmfDA/dV5WCvz dQcxnrO0yc9D4QEgMcgWUOaqPT0oBcM8ljcajG5pdtXe0yPAFmXyAxbp0sqpYS0eutRJ VU3vP5w7cu1c/NYpR+n7xfz4WHr6lvHz6rR9BGQpdzqqe65h63S+4aqAZ0Z4OuNSfQfY vKmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jHHFmeo/gqHAA9thnDWNZ5Oc7FmaUY6Re9k99cpH4d4=; b=MJ2ZcJoJvVSe8LuEOWXVbc0PawK2o6Cuo43gYqxD03YXwnKKaUVaD+JSy+TKWtQkLg dr3fEHFSws2MDQp6XGpPty/CZJCaFoz0VIbufc2u0S1gkAY5YFpoRPZFeUT6TAMrjpFi slLDsanwoKTO9dOkeLxiPfzeDDrekWeNclqYP862ETTWlDpQiH6g6d00T4i3HsU34lxX 7Z6fH17gL3UmP1kFwTd5FnVwyiH6nUVyh0Nh0Cax8bB/MJzq5WDyRjwZIOkTQkQEu8Id Duh78+v6BTrB6w9MGnuMYx0wzGt4MlYnFJm1zOaC5BUi51ozJz2d6JHb+h+kNjw0hw2d BZSQ==
X-Gm-Message-State: APjAAAWrn/HGaJgPTThxq3CxUIBMr56GLhdzesYuSHDXYIMHJ0TCvNBR B+Ium1gXWR8AK92+0R7JAV1pX69/OJicsGoT1xIfbQ==
X-Google-Smtp-Source: APXvYqxd6wLhFNfNmmYQzCa9Y0mMDU5T+RNTAXzHVpD07r9now2N0lIzCx4rn9tLsdkgmuWKQcBMEtjXiKra1G+KlOg=
X-Received: by 2002:ac2:5a19:: with SMTP id q25mr16098798lfn.178.1569963060995; Tue, 01 Oct 2019 13:51:00 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com>
In-Reply-To: <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 01 Oct 2019 13:50:24 -0700
Message-ID: <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Nick Harper <nharper=40google.com@dmarc.ietf.org>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008fc0490593df8261"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/F4kFCTaRwVSUwnb8MpEDefSOjLI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 20:51:05 -0000
Does this need to be a 1.0 feature? On Fri, Sep 27, 2019 at 12:13 PM Ted Hardie <ted.ietf@gmail.com> wrote: > Hi Nick, > > Two points in addition to the privacy issue already raised make me concur > with Roberto that this should be v2 or later. The first is this: > > "Negotiating or advertising features is something multiple > applicationswill need to do and is not a feature specific to H3." > > Absolutely true, but there is also a fairly large variability in how > applications do this. If we design something now that works for H3, it may > very well be sub-optimal or useless for later application targets. Getting > something general enough to handle DNS, WEBRTC, SMTP, plus the various > flavors of IoT protocols I've heard as targets hoping to move to QUIC is > going to take time and care, and it will block completion of v1. > > The second is this: > > *The other downside is that if too much data is put in application > parameters, it could cause the number of packets for a client or server’s > flight to go from N to N+1, which would increase the chance of head of line > blocking. > > Depending on what counts as application parameters, this could be more > than N+1. Someone running NETCONF over QUIC, for example, would be using a > fairly verbose syntax in which each parameter is a full URN. > > regards, > > Ted Hardie > > > On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper= > 40google.com@dmarc.ietf.org> wrote: > >> I propose introducing application parameters to the QUIC handshake and >> using this new mechanism for H3 SETTINGS instead of sending them as >> the first thing in the control stream. Application parameters would >> allow applications using QUIC to advertise or negotiate >> application-specific parameters during the cryptographic and transport >> handshake. It would guarantee that the client and server have >> exchanged their application parameters once the handshake is complete. >> >> Specifically, I’m proposing a new “application_layer_parameters” >> transport parameter, which when sent by the client is a series of ALPN >> identifiers with an opaque blob of application parameters per >> identifier, and when sent by the server is a single opaque blob of >> application parameters for the application identified in the ALPN >> extension. >> >> Negotiating or advertising features is something multiple applications >> will need to do and is not a feature specific to H3. Whatever we do in >> H3 will likely be copied by other applications using QUIC. By >> providing a general mechanism in QUIC transport, we provide >> applications with a consistent way of achieving this goal. QUIC has a >> design pattern of collapsing multiple layers into one to save on round >> trips (e.g. combining crypto and transport handshake); this fits in >> with that pattern. >> >> Using application parameters for H3 SETTINGS clears up some issues. H3 >> doesn’t need to specify that an endpoint shouldn’t wait for its peer’s >> SETTINGS since they’ve already arrived. Likewise, there is no >> confusion about whether SETTINGS arriving after session tickets are >> bound to the session tickets; SETTINGS arrives before the tickets and >> the client doesn’t need to wait for the receipt of SETTINGS to bind >> them to the ticket. It also simplifies the server binding SETTINGS to >> the ticket since that is done as part of binding transport parameters >> to the ticket. >> >> This also provides opportunities for future features. Since the >> exchange of SETTINGS occurs before application data, a new feature >> doesn’t need to be specified in a way to provide an upgrade path from >> “vanilla” H3 to something including this feature, and instead be >> guaranteed that the new feature can be used for the entire connection. >> >> Without application parameters, each application that needs to >> advertise or negotiate application settings needs its own mechanism to >> do so. This would result in multiple transport parameters or >> extensions leading to duplication of work and layering violations. >> Applications could instead exchange these settings in application >> data, meaning that each application needs to define the semantics of >> application data received before and after the settings have been >> exchanged, as H3 currently does. >> >> There is already a demonstrated need for an application parameters >> mechanism in the QUIC handshake. One example is >> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 which is >> currently using a “web_accepted_origins” transport parameter but could >> easily use an application parameters mechanism instead. >> >> I see two downsides to this proposal. The first is that the client’s >> application parameters are sent in the clear. Application designers >> will need to make a decision of how much they want to use this >> functionality (they could limit what is sent by the client or only use >> application parameters in the server direction). For H3, there are >> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY, QPACK_BLOCKED_STREAMS, >> and MAX_HEADER_LIST_SIZE, which do not reveal any information about >> the user or the server they are connecting to and are likely constant >> per H3 implementation. >> >> The other downside is that if too much data is put in application >> parameters, it could cause the number of packets for a client or >> server’s flight to go from N to N+1, which would increase the chance >> of head of line blocking. >> >> Related issues: >> https://github.com/quicwg/base-drafts/issues/2790: Binding settings >> into session tickets >> https://github.com/quicwg/base-drafts/issues/2945: When to send the >> SETTINGS frame >> https://github.com/quicwg/base-drafts/issues/2783: Consider making >> SETTINGS part of the control stream header >> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS into >> TLS Handshake >> >>
- Add application parameters to QUIC handshake and … Nick Harper
- Re: Add application parameters to QUIC handshake … Christian Huitema
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Mikkel Fahnøe Jørgensen
- Re: Add application parameters to QUIC handshake … Ian Swett
- Re: Add application parameters to QUIC handshake … Lucas Pardue
- Re: Add application parameters to QUIC handshake … Roberto Peon
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Eric Rescorla
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Dmitri Tikhonov
- Re: Add application parameters to QUIC handshake … David Schinazi