IETF Logo Mail Archive

Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS

Nick Harper <nharper@google.com> Tue, 01 October 2019 23:41 UTC

Return-Path: <nharper@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C25171202A0 for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 16:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.501
X-Spam-Level:
X-Spam-Status: No, score=-17.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nkIaHru2lxRM for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 16:41:49 -0700 (PDT)
Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 210F8120132 for <quic@ietf.org>; Tue, 1 Oct 2019 16:41:49 -0700 (PDT)
Received: by mail-oi1-x22b.google.com with SMTP id k20so16101972oih.3 for <quic@ietf.org>; Tue, 01 Oct 2019 16:41:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9iBQ4TLWLupQGeGpmwarrtpqr8cwca6L3T8tVrD64Lc=; b=LkwWXhuu0BNN4cp32In3uJ/StbIP1KV/HlKjxPnWLV/4O7fEBl8vC5UNYfBJApF0/9 X3Q18I3em4efMconYSdTPHJozd0zT3HEJtDA3RuBtAb532IDHvJ0jBuSe9ieiB8tZmW0 VExzpUTSSke1ezvhBjwUCxkcJ7B9rNjfrp9hk+V+hSB9oKDqtvrlcX4ImZ6ALoQTqeBv BH5XvVGXzFbWMY/yXDCZfbMaqsgHoCIrIPI+vrR133z4SieDgqGi6CI8xHNJvgqHDO59 qVM9I84LDB8OWrBCmmAHlzmdRji6i951wdeYEObIvk9z1of7Ekpya7yWt8iJSy9srB0e jisQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9iBQ4TLWLupQGeGpmwarrtpqr8cwca6L3T8tVrD64Lc=; b=gt/0w+U88MV00tEdO9i3xI/c3kqzqfIAdDiaxqVvjyIkz3Mc9X51HVx5Mem2WPDz7A GsNcZYErylD6H1Nibq/4fz4cpQsxyUZQmGB6lwdYkD2eKGdhBVCTbZFZqOOsFyCFtGpf RvHGEk+7ddUmjFiS+SEZ2uv3En7KQvmtfaCVonmAZNQH/GuzzIsK13zWo+eOMeJiM56H gGXrp7BBT9Fn6T223YPCrYLg73sOIQ6oZO5JfkB9m95RjnBxM7sJlirpHYsp93rsdJiT afNCBvNZzPyVH2N4x/0MESwpZ9SZQWStX5l9mN+U8S39JxlXWAeqoK0ijv26VVC6lfyc 5n9g==
X-Gm-Message-State: APjAAAWadtllc/BJ21zb2bslq+VbQ+CxbSbQBF1HKVbOHXK23qtwxLM1 HcQGNfF74Kj05k74c7AQRA9nB7Wv9d2/b7xZCLemsA==
X-Google-Smtp-Source: APXvYqyQVsePF8VU85Id4NkKzWFI0tXH7coPI8fU23VOd9Bdld06JxzvPwB3CXB/NH6DzcG4nMPAL6F9vCBhtqfFRIk=
X-Received: by 2002:aca:eb09:: with SMTP id j9mr496259oih.105.1569973307995; Tue, 01 Oct 2019 16:41:47 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com> <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com>
In-Reply-To: <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com>
From: Nick Harper <nharper@google.com>
Date: Tue, 01 Oct 2019 16:41:36 -0700
Message-ID: <CACdeXiJFSo0-oK60ONnVfXFN66nO5f292m65znD9MW4DKRJJfg@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Eric Rescorla <ekr@rtfm.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/JbWpzsWt11XHa5_8GuW8Xt8OJuI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 23:41:52 -0000

I think it loses most of its utility if it's not a v1 feature. The
main motivation for the feature is to simplify application protocols.
At the time that v2 is introduced and application protocols are being
specified to use it, existing application protocols will already have
an application-specific way to negotiate params, so they will continue
to use that instead of using both the existing application-specific
mechanism (for v1) and v2-only application parameters feature (for
v2+). (I'm assuming that as applications switch from using QUIC v1 to
QUIC v2, it will be like upgrading H2 from TLS 1.2 to TLS 1.3, instead
of like upgrading H2 to H3.)

On Tue, Oct 1, 2019 at 1:51 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
> Does this need to be a 1.0 feature?
>
> On Fri, Sep 27, 2019 at 12:13 PM Ted Hardie <ted.ietf@gmail.com> wrote:
>>
>> Hi Nick,
>>
>> Two points in addition to the privacy issue already raised make me concur with Roberto that this should be v2 or later.  The first is this:
>>
>> "Negotiating or advertising features is something multiple applicationswill need to do and is not a feature specific to H3."
>>
>> Absolutely true, but there is also a fairly large variability in how applications do this.  If we design something now that works for H3, it may very well be sub-optimal or useless for later application targets.  Getting something general enough to handle DNS, WEBRTC,  SMTP, plus the various flavors of IoT protocols I've heard as targets hoping to move to QUIC is going to take time and care, and it will block completion of v1.
>>
>> The second is this:
>>
>> *The other downside is that if too much data is put in application parameters, it could cause the number of packets for a client or server’s flight to go from N to N+1, which would increase the chance of head of line blocking.
>>
>> Depending on what counts as application parameters, this could be more than N+1.  Someone running NETCONF over QUIC, for example, would be using a fairly verbose syntax in which each parameter is a full URN.
>>
>> regards,
>>
>> Ted Hardie
>>
>>
>> On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper=40google.com@dmarc.ietf.org> wrote:
>>>
>>> I propose introducing application parameters to the QUIC handshake and
>>> using this new mechanism for H3 SETTINGS instead of sending them as
>>> the first thing in the control stream. Application parameters would
>>> allow applications using QUIC to advertise or negotiate
>>> application-specific parameters during the cryptographic and transport
>>> handshake. It would guarantee that the client and server have
>>> exchanged their application parameters once the handshake is complete.
>>>
>>> Specifically, I’m proposing a new “application_layer_parameters”
>>> transport parameter, which when sent by the client is a series of ALPN
>>> identifiers with an opaque blob of application parameters per
>>> identifier, and when sent by the server is a single opaque blob of
>>> application parameters for the application identified in the ALPN
>>> extension.
>>>
>>> Negotiating or advertising features is something multiple applications
>>> will need to do and is not a feature specific to H3. Whatever we do in
>>> H3 will likely be copied by other applications using QUIC. By
>>> providing a general mechanism in QUIC transport, we provide
>>> applications with a consistent way of achieving this goal. QUIC has a
>>> design pattern of collapsing multiple layers into one to save on round
>>> trips (e.g. combining crypto and transport handshake); this fits in
>>> with that pattern.
>>>
>>> Using application parameters for H3 SETTINGS clears up some issues. H3
>>> doesn’t need to specify that an endpoint shouldn’t wait for its peer’s
>>> SETTINGS since they’ve already arrived. Likewise, there is no
>>> confusion about whether SETTINGS arriving after session tickets are
>>> bound to the session tickets; SETTINGS arrives before the tickets and
>>> the client doesn’t need to wait for the receipt of SETTINGS to bind
>>> them to the ticket. It also simplifies the server binding SETTINGS to
>>> the ticket since that is done as part of binding transport parameters
>>> to the ticket.
>>>
>>> This also provides opportunities for future features. Since the
>>> exchange of SETTINGS occurs before application data, a new feature
>>> doesn’t need to be specified in a way to provide an upgrade path from
>>> “vanilla” H3 to something including this feature, and instead be
>>> guaranteed that the new feature can be used for the entire connection.
>>>
>>> Without application parameters, each application that needs to
>>> advertise or negotiate application settings needs its own mechanism to
>>> do so. This would result in multiple transport parameters or
>>> extensions leading to duplication of work and layering violations.
>>> Applications could instead exchange these settings in application
>>> data, meaning that each application needs to define the semantics of
>>> application data received before and after the settings have been
>>> exchanged, as H3 currently does.
>>>
>>> There is already a demonstrated need for an application parameters
>>> mechanism in the QUIC handshake. One example is
>>> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 which is
>>> currently using a “web_accepted_origins” transport parameter but could
>>> easily use an application parameters mechanism instead.
>>>
>>> I see two downsides to this proposal. The first is that the client’s
>>> application parameters are sent in the clear. Application designers
>>> will need to make a decision of how much they want to use this
>>> functionality (they could limit what is sent by the client or only use
>>> application parameters in the server direction). For H3, there are
>>> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY, QPACK_BLOCKED_STREAMS,
>>> and MAX_HEADER_LIST_SIZE, which do not reveal any information about
>>> the user or the server they are connecting to and are likely constant
>>> per H3 implementation.
>>>
>>> The other downside is that if too much data is put in application
>>> parameters, it could cause the number of packets for a client or
>>> server’s flight to go from N to N+1, which would increase the chance
>>> of head of line blocking.
>>>
>>> Related issues:
>>> https://github.com/quicwg/base-drafts/issues/2790: Binding settings
>>> into session tickets
>>> https://github.com/quicwg/base-drafts/issues/2945: When to send the
>>> SETTINGS frame
>>> https://github.com/quicwg/base-drafts/issues/2783: Consider making
>>> SETTINGS part of the control stream header
>>> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS into
>>> TLS Handshake
>>>

v2.23.0 | Report a Bug | By Email