IETF Logo Mail Archive

Re: [QUIC] Early implementation feedback on draft-hamilton-quic-transport-protocol-00

"Eggert, Lars" <lars@netapp.com> Fri, 21 October 2016 12:02 UTC

Return-Path: <lars@netapp.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 377431295AA for <quic@ietfa.amsl.com>; Fri, 21 Oct 2016 05:02:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.352
X-Spam-Level:
X-Spam-Status: No, score=-7.352 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netapp.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaXpEWjAH0uY for <quic@ietfa.amsl.com>; Fri, 21 Oct 2016 05:02:19 -0700 (PDT)
Received: from mx143.netapp.com (mx143.netapp.com [216.240.21.24]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA6721294A4 for <quic@ietf.org>; Fri, 21 Oct 2016 05:02:15 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.31,376,1473145200"; d="scan'208";a="150899181"
Received: from vmwexchts02-prd.hq.netapp.com ([10.122.105.23]) by mx143-out.netapp.com with ESMTP; 21 Oct 2016 05:01:49 -0700
Received: from VMWEXCCAS12-PRD.hq.netapp.com (10.122.105.30) by VMWEXCHTS02-PRD.hq.netapp.com (10.122.105.23) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 21 Oct 2016 05:01:56 -0700
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (10.120.60.153) by VMWEXCCAS12-PRD.hq.netapp.com (10.122.105.30) with Microsoft SMTP Server (TLS) id 15.0.1210.3 via Frontend Transport; Fri, 21 Oct 2016 05:01:56 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netapp.onmicrosoft.com; s=selector1-netapp-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=h77c3npgFGv4yY/YhdVYoDa4+iHU0Q3pIOXZjJX5f+M=; b=J78m5ZB/dIgS073iyI/v4OVQS7nM39rVpbwUDtmy/Tm0/DMQwmpDwp+SflYxBjACsnoN5IiPhXJ2xf6mCgxcqPbVMmHUsyx5mFXqogNXPL5lLMosXH4avHa/x4d0/oB9N3wFZAnVMREynSpOtX/sleePIqTuQgbhfkEWZhja+0g=
Received: from BN3PR0601MB1153.namprd06.prod.outlook.com (10.160.157.18) by BN3PR0601MB1153.namprd06.prod.outlook.com (10.160.157.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.659.11; Fri, 21 Oct 2016 12:01:54 +0000
Received: from BN3PR0601MB1153.namprd06.prod.outlook.com ([10.160.157.18]) by BN3PR0601MB1153.namprd06.prod.outlook.com ([10.160.157.18]) with mapi id 15.01.0659.025; Fri, 21 Oct 2016 12:01:54 +0000
From: "Eggert, Lars" <lars@netapp.com>
To: Jana Iyengar <jri@google.com>
Thread-Topic: [QUIC] Early implementation feedback on draft-hamilton-quic-transport-protocol-00
Thread-Index: AQHSFX9vCC/rzHVRH0ap9TECi8nzO6CyiN4AgABx9oA=
Date: Fri, 21 Oct 2016 12:01:54 +0000
Message-ID: <EB64D7A3-A4F0-4F20-943F-4D83F7AAE73C@netapp.com>
References: <04C36CF1-387A-460D-8820-591BD2ED7C90@netapp.com> <CAGD1bZZ33NFp6XA9Mb4WZzvA6o8fmGMy6YsO-KPSeP=YzyBzVA@mail.gmail.com>
In-Reply-To: <CAGD1bZZ33NFp6XA9Mb4WZzvA6o8fmGMy6YsO-KPSeP=YzyBzVA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3226)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=lars@netapp.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [217.70.211.15]
x-ms-office365-filtering-correlation-id: ecdb36d3-5c3b-48f8-4f42-08d3f9aa0d0b
x-microsoft-exchange-diagnostics: 1; BN3PR0601MB1153; 7:IoyqFrvJ+hnmTLz/Not3CPxqYZkCLV81Iicw2uJsCaI+ticS8Wu0vQ4MGsGi4VVAlyLnWqewXaQIAUN6e/yCFB2KlB5jJHx4HC7xrk2o7Umx9JGt0V5ZEm13U6bg9HC+gZxfGliLijk1Dfkf5EmzKUpnS8Sm6/SZFRv0WKIyXpOD1kFSfQ/TyMikgSmMaxz3PscCpiDisJ8iaxlMdLD/LGwEqqlJlW/YdS4nBghn27v5AabymHdjX523LE6H4t3e2y/z8t9DqX3K4qaVRhMk9YwjoIMIkJcApwgKZOitwQE7Uc5oQWHgkA0v1iKFe7T0jIUhLLgl6IyDkOwOAmkmwfGUz4iGVAMI8bM01SImTjo=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0601MB1153;
x-microsoft-antispam-prvs: <BN3PR0601MB115375C9DB9B55C0B69D87A5A7D40@BN3PR0601MB1153.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(211936372134217);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6043046)(6042046); SRVR:BN3PR0601MB1153; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0601MB1153;
x-forefront-prvs: 01026E1310
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(43784003)(377454003)(199003)(189002)(24454002)(377424004)(106356001)(8936002)(4001150100001)(66066001)(2906002)(50226002)(305945005)(101416001)(7736002)(7846002)(68736007)(5660300001)(8676002)(76176999)(57306001)(230783001)(99286002)(122556002)(10400500002)(92566002)(50986999)(36756003)(105586002)(81156014)(19580405001)(106116001)(81166006)(110136003)(19580395003)(33656002)(82746002)(5002640100001)(6916009)(2950100002)(345774005)(6116002)(586003)(3846002)(4326007)(189998001)(83716003)(87936001)(15975445007)(86362001)(2900100001)(77096005)(102836003)(3660700001)(97736004)(3280700002)(11100500001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN3PR0601MB1153; H:BN3PR0601MB1153.namprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: netapp.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <A44D27008980FB4B9F610966EA9B7EBA@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2016 12:01:54.5921 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4b0911a0-929b-4715-944b-c03745165b3a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0601MB1153
X-OriginatorOrg: netapp.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Fo0-G_rMLU7fpTPw1eUT_6DhsWw>
Cc: "quic@ietf.org" <quic@ietf.org>
Subject: Re: [QUIC] Early implementation feedback on draft-hamilton-quic-transport-protocol-00
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list to discuss QUIC standardization <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 12:02:22 -0000

Thanks, this is helpful!

On 2016-10-21, at 7:14, Jana Iyengar <jri@google.com> wrote:
> 
> Hi Lars,
> 
> Thanks again for your implementation effort and detailed feedback, and apologies for taking a while to respond. I'm happy to iterate, and I expect that my turnaround will be much faster (unlike this time :-))
> 
> On Fri, Sep 23, 2016 at 2:47 AM, Eggert, Lars <lars@netapp.com> wrote:
> Hi,
> 
> I've started to do a little QUIC implementation exercise, to see if
> the current set of documents is sufficient to allow independent
> implementation. As can be expected, they're not, but I wanted to post
> some feedback based on what I encountered at this very, very, VERY
> early phase, so the documents can be improved.
> 
> Thank you! This is what we're hoping for as well. Thank you for being a willing early implementer.
>  
> I'm purposefully avoiding to rely at documentation other than the IDs.
> I won't look at the Chromium code, and I'm only looking at the specs
> on Google Docs or wireshark outputs in order to more accurately
> describe what's currently missing in the IDs. However, I run my
> implementation against the Chromium quic_server and quic_client
> implementations, in order to see if they interoperate.
> 
> I anticipate some trouble in getting it to work with quic_client and quic_server if you're just building from the spec, since these binaries use the QUIC crypto handshake, and the spec currently does not specify one. 
>  
> (I may open source this pure C implementation at some point; at the
> moment, it's too embarrassing to do so.)
> 
> I began by reading draft-hamilton-quic-transport-protocol-00, in order
> to implement the initial handshake. The ID is reasonably long and
> complete-looking. Sections 1, 2 and 3 are reasonable in terms of
> content.
> 
> Section 4 (Connection Establishment) is difficult to make sense of
> without first reading Section 9 (Packet Types and Formats), because
> Section 4 refers to header fields, flags and other concepts that are
> only defined in Section 9. The content seems arbitrarily split between
> those sections, e.g., Section 4.1 attempts to specify version
> negotiation, but Section 9.2.1 describes the version negotiation
> packet format. One needs to constantly flip back and forth, which is
> annoying. I'd recommend reordering the content here.
> 
> I wasn't sure how to organize this content, so it's currently mechanisms in early sections and wire formats later. From your experience it seems like it may be better organized if the the wire format of the various packets and frames were alongside the mechanisms. Does that sound like a good rule of thumb? Given the size of the draft, that may be better, so I'm happy to do it.
> 
> One thing that threw me was that Section 9.1 states "all QUIC packets
> on the wire begin with a public header" and then has a diagram of what
> that header looks like, only to immediately follow it in Section 9.2
> with special packets that don't fully include that public header.
> That's really confusing. Is there a way to describe the public header
> that would include the format of the special packets? Is there a way
> to make those special packets use the public header? They're so rarely
> sent that deviating to save a few bytes doesn't seem to be a smart
> tradeoff.
> 
> I think there may be a way to separate the common parts out. Specifically, the flags and the connection ID are really the "common header", but the reason for having these three packet types is because they differ in the parts that are not encrypted (The parts that are encrypted should be specified, and I'll add that.) Perhaps one way to describe them would be to say:
> - Common Header = Flags + (optional) Connection ID
> - Regular Packets = Common Header + (optional) Version + Packet Number + Frames
> - Version Negotiation Packet = Common Header (Version Negotiation bit set) + Version List
> - Public Reset Packet = Common Header (Reset bit set) + Optional tag-values
> 
> I realized that we don't describe the format for the optional tag-values in the spec, but they're potentially useful to help authenticate the Reset. That's entirely optional at the moment, but really the Public Reset packet is identified by the bit in the flags and the connection is identified by the Connection ID.
>  
> Also, the document makes no mention of what endianness the protocol
> fields are supposed to be encoded in.
> 
> Good point -- I've added a sentence to the Packet Types and Formats saying "All values are little-endian unless otherwise noted." This sentence will likely move as the doc gets restructured, but that is the first place a packet format is currently being described.
> 
> The ID mentions QUIC version "Q025", so my code attempts to negotiate
> this version with the Chromium quic_server, but that offers "Q036" and
> indicates support for "Q035Q034Q033Q032" as well. The negotiation
> response from the server does not conform to what's in the ID, since
> it has the "diversification nonce" flag set (0x04), which is not
> specified in Section 9.2.1. It also seems to use only 12 bytes of the
> fixed 32 bytes that the nonce should occupy to indicate support for
> other versions, according to Section 9.1.
> 
> Also, that "diversification nonce" is not referred to anywhere else in
> the ID other than Section 9.1. It remains fully unclear what it is.
> 
> Good catch. The diversification nonce was a need for QUIC crypto, and it won't be required for TLS or for the general format. I'll remove mentions of it from the document.
>  
> I change my code to negotiate version "Q036", and am trying to
> figure out which frame types I am supposed to include in the initial
> packet. The various subsections of Section 4.2 list some (and say that
> some are required), but there is not enough information here for me to
> determine which to include and what the initial values should be.
> 
> So, this initial packet will be a CHLO, which is a crypto handshake packet. Basically, this is a Regular QUIC Packet, with the crypto handshake bits being sent as a STREAM frame on stream ID 1. It's clear to me now that having a detailed description of a handshake packet at this point in the text is probably helpful. If the reorganization that I suggested earlier makes sense, this may be around where I'd introduce the Regular Packet and the STREAM frame format.
> 
> So I'm cheating, and am looking at a wireshark dump of the initial
> packet that the Chromium quic_client sends to my server. I notice
> there is a "Message Authentication Hash" following the public header
> that is not mentioned at all in the ID. There is some brief text about
> "AEAD data" in Section 9.3, but nothing that would let me understand
> how that hash is computed. A quick glance at draft-thomson-quic-tls
> doesn't resolve this either. Googling around, I find that older
> versions of the spec on Google Docs have a short paragraph on "Initial
> Packet Null Encryption" that talks about using a FNV1a­128 hash, but
> even the current version on Google Docs doesn't have that paragraph
> anymore. There's clearly some content missing here.
> 
> Right -- this is the hash that is used by the AEAD algo used by QUIC's current packet crypto. This may change with TLS, and may be a different hash, but the location of the hash is right after the public header. This isn't documtned in the spec as you note, so I'll add some text about this along with the revision of the Packet Formats.
> 
> And that's where I'm currently at, after a few hours of coding. Hope
> this is useful.
> 
> Yes, extremely useful. Thanks again for your effort and feedback -- I'll try to incorporate as much as I can before the next rev.
> 
> - jana
>  
> Lars
> _______________________________________________
> QUIC mailing list
> QUIC@ietf.org
> https://www.ietf.org/mailman/listinfo/quic
> 
> _______________________________________________
> QUIC mailing list
> QUIC@ietf.org
> https://www.ietf.org/mailman/listinfo/quic

v2.23.0 | Report a Bug | By Email