IETF Logo Mail Archive

Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS

David Schinazi <dschinazi.ietf@gmail.com> Wed, 02 October 2019 21:21 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B4951208B2 for <quic@ietfa.amsl.com>; Wed, 2 Oct 2019 14:21:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1M-9UaRba-q for <quic@ietfa.amsl.com>; Wed, 2 Oct 2019 14:21:06 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B83412029C for <quic@ietf.org>; Wed, 2 Oct 2019 14:21:06 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id m13so343626ljj.11 for <quic@ietf.org>; Wed, 02 Oct 2019 14:21:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2JB1QopW/OZ19kyDa8stDOkO27OBpMOV657l7HDV4tM=; b=Qz2ZO0iFvBIcO6S9VZzAw1G8A0Uaz2y9XSaDY7vLitCgFatXPIck0JYc5e+EdWbJ41 IZMjOIukVis/ggP2j/z7m5oazpa0xVN6TmUkwJqk0n1jpc7lda+GvV4L+DCi1FatNYdN 7rtFfg8udohpyE2YB2yvBPRQs+r1XkxskrXry4aw9B1AafOmKODIKYDxRFpZq2UOUqf7 vUsCAZ6rWRZDqVJ1K8O6mqBtYeXVmRepqzKeSpIthHtL3e9fBmLBm1TmMJE9eH/fPZt1 WVOGvVZkPxUW9XxBDTJaLh4VUZFDqLjxq5UcTbbpHtSQe9LLf6s7IVFs/RDzyeTi/PK2 CY3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2JB1QopW/OZ19kyDa8stDOkO27OBpMOV657l7HDV4tM=; b=MPlb8yH9Jks24rxaFuCQelMnxhGLlC+C8jY4XqNJEMxqx2pHs3JSSuodrb26nJbbr5 Cb/ZSq9qX47FTu+xVHClQEgMhiOaEfntVAVBnoxhOXCcQdknzruEwvOEf1ujV32343W3 3DRr+H0oNGwAfbIR1KMBew9ZHPRzW5r+hoFb60MFXEeag76hbOsWDT+ZRSPpKWHDwlQs CwqgWeb6g00nP364LusPUFxou2K+PeW83aTWwS8AkzQFne4XFZMZD1W0Plh0ti86hcsC QadYrAYtyK4O46D+2UUC4XB2LDBjI8/l1dbc0sf1PF0kU5d/1hY+iUNtkDybolAkoFwd JliA==
X-Gm-Message-State: APjAAAWlNsxgr/TWchytqlD3vi1vaR2P2tUZj1Ywsf17rtiE0oatqnlJ 6O/EB9mTTwurJOl2HcN8trunTZWUYxpi3xqa/Fc=
X-Google-Smtp-Source: APXvYqzSXLn4ZV6kE8cvfqf4QK796qkxSGZ6AH6B9c45t5jVjvtW/BNk6mDdhjt20ceFCu4N9zylSpf8XrHYGOXMMxY=
X-Received: by 2002:a2e:6a13:: with SMTP id f19mr3807422ljc.17.1570051264155; Wed, 02 Oct 2019 14:21:04 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com> <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com> <CACdeXiJFSo0-oK60ONnVfXFN66nO5f292m65znD9MW4DKRJJfg@mail.gmail.com> <CAPDSy+49Kk1GUS+WoyNaKTJ2AnyvhYmiAMXQk-Oi-Xczgenquw@mail.gmail.com> <CANatvzwb_Yp9dhpQv+Adv6JGk-wFYrc4XnJ0H7waNFzqb02wDg@mail.gmail.com>
In-Reply-To: <CANatvzwb_Yp9dhpQv+Adv6JGk-wFYrc4XnJ0H7waNFzqb02wDg@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 02 Oct 2019 14:20:52 -0700
Message-ID: <CAPDSy+4aFG_JUUQYxhXFUmhShXML58uSp2v+pEW9cy6FPcyuCw@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Nick Harper <nharper=40google.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>, Ted Hardie <ted.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000e113240593f40b29"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/J1Gkj_Lqy2-w1YgAGGKwpFstL80>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 21:21:12 -0000

If we decide that the first requests need to operate without knowledge of
settings,
we're effectively crippling the main extension mechanism we have in HTTP/3.
I'm not comfortable saying that for the entire lifetime of QUICv1 we cannot
have
extensions that impact the first requests. That feels like painting
ourselves into a corner.

There are many features that we can punt out of QUICv1 and figure out later
as extensions,
but it's critical that we build an extension mechanism that allows that.

On Tue, Oct 1, 2019 at 6:23 PM Kazuho Oku <kazuhooku@gmail.com> wrote:

> 2019年10月2日(水) 9:21 David Schinazi <dschinazi.ietf@gmail.com>:
> >
> > Additionally, the current status quo makes it hard to have SETTINGS
> > play nicely with 0-RTT. Fixing this is important to deploying IETF QUIC.
>
> While I understand and share the pain, I am not sure if this should be
> a blocker for QUIC v1, as 0-RTT is essentially a must-implement for
> HTTP/3 (the primary application protocol for QUIC v1).
>
> 0-RTT requires clients (and servers) to operate without the knowledge
> of the settings that are sent by the server. Until the client receives
> the settings of the server and switches to using 1-RTT packets, the
> client is expected to use the settings of the previous connection. The
> server is expected to accept 0-RTT only if it knows that the settings
> parameters of that the client is using for 0-RTT.
>
> Assuming that we cannot remove this requirement, I do not think it's
> too complicated to require endpoints when using 1-RTT to operate
> without the knowledge of settings (i.e. operate with a very
> conservative set of properties) until it receives the settings from
> the peer.
>
> > We're chartered to produce a protocol with fast connection establishment,
> > and if we fail to negotiate options and extensions nicely with that,
> we'll
> > harm extensibility long-term and cause deployment of damaging
> workarounds.
> >
> > David
> >
> > On Tue, Oct 1, 2019 at 4:41 PM Nick Harper <nharper=
> 40google.com@dmarc.ietf.org> wrote:
> >>
> >> I think it loses most of its utility if it's not a v1 feature. The
> >> main motivation for the feature is to simplify application protocols.
> >> At the time that v2 is introduced and application protocols are being
> >> specified to use it, existing application protocols will already have
> >> an application-specific way to negotiate params, so they will continue
> >> to use that instead of using both the existing application-specific
> >> mechanism (for v1) and v2-only application parameters feature (for
> >> v2+). (I'm assuming that as applications switch from using QUIC v1 to
> >> QUIC v2, it will be like upgrading H2 from TLS 1.2 to TLS 1.3, instead
> >> of like upgrading H2 to H3.)
> >>
> >> On Tue, Oct 1, 2019 at 1:51 PM Eric Rescorla <ekr@rtfm.com> wrote:
> >> >
> >> > Does this need to be a 1.0 feature?
> >> >
> >> > On Fri, Sep 27, 2019 at 12:13 PM Ted Hardie <ted.ietf@gmail.com>
> wrote:
> >> >>
> >> >> Hi Nick,
> >> >>
> >> >> Two points in addition to the privacy issue already raised make me
> concur with Roberto that this should be v2 or later.  The first is this:
> >> >>
> >> >> "Negotiating or advertising features is something multiple
> applicationswill need to do and is not a feature specific to H3."
> >> >>
> >> >> Absolutely true, but there is also a fairly large variability in how
> applications do this.  If we design something now that works for H3, it may
> very well be sub-optimal or useless for later application targets.  Getting
> something general enough to handle DNS, WEBRTC,  SMTP, plus the various
> flavors of IoT protocols I've heard as targets hoping to move to QUIC is
> going to take time and care, and it will block completion of v1.
> >> >>
> >> >> The second is this:
> >> >>
> >> >> *The other downside is that if too much data is put in application
> parameters, it could cause the number of packets for a client or server’s
> flight to go from N to N+1, which would increase the chance of head of line
> blocking.
> >> >>
> >> >> Depending on what counts as application parameters, this could be
> more than N+1.  Someone running NETCONF over QUIC, for example, would be
> using a fairly verbose syntax in which each parameter is a full URN.
> >> >>
> >> >> regards,
> >> >>
> >> >> Ted Hardie
> >> >>
> >> >>
> >> >> On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper=
> 40google.com@dmarc.ietf.org> wrote:
> >> >>>
> >> >>> I propose introducing application parameters to the QUIC handshake
> and
> >> >>> using this new mechanism for H3 SETTINGS instead of sending them as
> >> >>> the first thing in the control stream. Application parameters would
> >> >>> allow applications using QUIC to advertise or negotiate
> >> >>> application-specific parameters during the cryptographic and
> transport
> >> >>> handshake. It would guarantee that the client and server have
> >> >>> exchanged their application parameters once the handshake is
> complete.
> >> >>>
> >> >>> Specifically, I’m proposing a new “application_layer_parameters”
> >> >>> transport parameter, which when sent by the client is a series of
> ALPN
> >> >>> identifiers with an opaque blob of application parameters per
> >> >>> identifier, and when sent by the server is a single opaque blob of
> >> >>> application parameters for the application identified in the ALPN
> >> >>> extension.
> >> >>>
> >> >>> Negotiating or advertising features is something multiple
> applications
> >> >>> will need to do and is not a feature specific to H3. Whatever we do
> in
> >> >>> H3 will likely be copied by other applications using QUIC. By
> >> >>> providing a general mechanism in QUIC transport, we provide
> >> >>> applications with a consistent way of achieving this goal. QUIC has
> a
> >> >>> design pattern of collapsing multiple layers into one to save on
> round
> >> >>> trips (e.g. combining crypto and transport handshake); this fits in
> >> >>> with that pattern.
> >> >>>
> >> >>> Using application parameters for H3 SETTINGS clears up some issues.
> H3
> >> >>> doesn’t need to specify that an endpoint shouldn’t wait for its
> peer’s
> >> >>> SETTINGS since they’ve already arrived. Likewise, there is no
> >> >>> confusion about whether SETTINGS arriving after session tickets are
> >> >>> bound to the session tickets; SETTINGS arrives before the tickets
> and
> >> >>> the client doesn’t need to wait for the receipt of SETTINGS to bind
> >> >>> them to the ticket. It also simplifies the server binding SETTINGS
> to
> >> >>> the ticket since that is done as part of binding transport
> parameters
> >> >>> to the ticket.
> >> >>>
> >> >>> This also provides opportunities for future features. Since the
> >> >>> exchange of SETTINGS occurs before application data, a new feature
> >> >>> doesn’t need to be specified in a way to provide an upgrade path
> from
> >> >>> “vanilla” H3 to something including this feature, and instead be
> >> >>> guaranteed that the new feature can be used for the entire
> connection.
> >> >>>
> >> >>> Without application parameters, each application that needs to
> >> >>> advertise or negotiate application settings needs its own mechanism
> to
> >> >>> do so. This would result in multiple transport parameters or
> >> >>> extensions leading to duplication of work and layering violations.
> >> >>> Applications could instead exchange these settings in application
> >> >>> data, meaning that each application needs to define the semantics of
> >> >>> application data received before and after the settings have been
> >> >>> exchanged, as H3 currently does.
> >> >>>
> >> >>> There is already a demonstrated need for an application parameters
> >> >>> mechanism in the QUIC handshake. One example is
> >> >>> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 which is
> >> >>> currently using a “web_accepted_origins” transport parameter but
> could
> >> >>> easily use an application parameters mechanism instead.
> >> >>>
> >> >>> I see two downsides to this proposal. The first is that the client’s
> >> >>> application parameters are sent in the clear. Application designers
> >> >>> will need to make a decision of how much they want to use this
> >> >>> functionality (they could limit what is sent by the client or only
> use
> >> >>> application parameters in the server direction). For H3, there are
> >> >>> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY,
> QPACK_BLOCKED_STREAMS,
> >> >>> and MAX_HEADER_LIST_SIZE, which do not reveal any information about
> >> >>> the user or the server they are connecting to and are likely
> constant
> >> >>> per H3 implementation.
> >> >>>
> >> >>> The other downside is that if too much data is put in application
> >> >>> parameters, it could cause the number of packets for a client or
> >> >>> server’s flight to go from N to N+1, which would increase the chance
> >> >>> of head of line blocking.
> >> >>>
> >> >>> Related issues:
> >> >>> https://github.com/quicwg/base-drafts/issues/2790: Binding settings
> >> >>> into session tickets
> >> >>> https://github.com/quicwg/base-drafts/issues/2945: When to send the
> >> >>> SETTINGS frame
> >> >>> https://github.com/quicwg/base-drafts/issues/2783: Consider making
> >> >>> SETTINGS part of the control stream header
> >> >>> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS
> into
> >> >>> TLS Handshake
> >> >>>
> >>
>
>
> --
> Kazuho Oku
>

v2.23.0 | Report a Bug | By Email