Re: Stream0 Design Team Proposal

Subodh Iyengar <> Wed, 23 May 2018 03:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5DF6712895E for <>; Tue, 22 May 2018 20:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=NSnSFJ98; dkim=pass (1024-bit key) header.b=Ekk4MkdS
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VRQHxQFZE2d7 for <>; Tue, 22 May 2018 20:26:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BAFA612DA02 for <>; Tue, 22 May 2018 20:26:09 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id w4N3NPbm023637; Tue, 22 May 2018 20:26:05 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=0q5LYYOLfthgLsFV7hJ4rKDnJr8lV+zro2b00S1R8+s=; b=NSnSFJ980jKYHoVybsCrDkttxp/eVy5XwO426UdIHYM7iy38OJZDOw7ib1zB3kJ60aU4 t0kKm8fh87dlWkdIXs6K+T5Ppq1sjShGbDi3QDOOCBtl8u7AVO00Bddt8Whow5y2dTnq WUVQQgYXuam90ZzTmHjyETZPM1rXQQnjnlI=
Received: from ([]) by with ESMTP id 2j4wnp099k-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 22 May 2018 20:26:05 -0700
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 22 May 2018 20:26:02 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0q5LYYOLfthgLsFV7hJ4rKDnJr8lV+zro2b00S1R8+s=; b=Ekk4MkdSIABPsZJpovcp1MdkDKDx3Sn8H6O3WSuqpng8hYgyzYEhc5AiMcxBlGbI89KZlFfrwABZxfJXSLs9E/hgGfajC7lJjZ6+E1NCLCeA3TIfUwRBXtf7DImwDO4uOggM+YFRb/n9acMV9l+3Jw9CVpVtW63GXGQ32L8oGUI=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.776.11; Wed, 23 May 2018 03:26:02 +0000
Received: from ([fe80::808f:5749:11db:a6a4]) by ([fe80::808f:5749:11db:a6a4%18]) with mapi id 15.20.0776.019; Wed, 23 May 2018 03:26:01 +0000
From: Subodh Iyengar <>
To: Martin Thomson <>, Ian Swett <>
CC: "" <>, QUIC WG <>
Subject: Re: Stream0 Design Team Proposal
Thread-Topic: Stream0 Design Team Proposal
Thread-Index: AQHT8jXGhBLiPTEoUE2u+pT4iGJsEaQ8oAoAgAAGHGg=
Date: Wed, 23 May 2018 03:26:01 +0000
Message-ID: <>
References: <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: [2620:10d:c090:180::1:55f1]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR15MB1150; 7:igmfl40zA50gpJrcPMMREAQPCH8vPTv7ZgG/p7FeeOBfIMUHhc8z+Iu+mSYvLUBPyzwwtRO1esia87bHEcznMTfwrY2Pdk7K7hujGDEi8taJwJeQ98BWdF396YTmon3s2HlhTccgrScRHErtoW2961/bHhMCyEbwLkALcxez7YVX1RzIbAf04hthITnyZwcrcqSvKbXxuM9jMu4jHtZ7mDQa5Db07Qp9NJKnCCQi6OcI1r9vEU9TJoiOWaQHw38/; 20:wiL+P0gZYVOqoSg0Lqs/WhT5CeAlSMcgJ0ZjIVfbHs8nl/AUoTPswyZbESrLoe9dTKuJ24+rCa3oK45uI4SjJ6yKvy1hUcIkm+lmXNKSJBT+0StIpPCXgW49eG27/QMa/5Hodl1xzO8qnwgozx7yNImqfyyhBDbGEbOiJxI+OEc=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:MWHPR15MB1150;
x-ms-traffictypediagnostic: MWHPR15MB1150:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(10436049006162)(166708455590820)(85827821059158)(211936372134217)(100405760836317);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(11241501184)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:MWHPR15MB1150; BCL:0; PCL:0; RULEID:; SRVR:MWHPR15MB1150;
x-forefront-prvs: 06818431B9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(346002)(376002)(39380400002)(39860400002)(396003)(366004)(199004)(189003)(51444003)(316002)(186003)(86362001)(6116002)(102836004)(53546011)(8676002)(19627405001)(14454004)(5250100002)(81156014)(110136005)(11346002)(54906003)(46003)(476003)(6506007)(486006)(33656002)(99286004)(8936002)(446003)(81166006)(575784001)(74316002)(6606003)(59450400001)(106356001)(54896002)(9686003)(68736007)(606006)(6306002)(4326008)(55016002)(105586002)(3280700002)(53936002)(39060400002)(7736002)(2906002)(236005)(6436002)(561944003)(97736004)(3660700001)(7696005)(2900100001)(6246003)(25786009)(76176011)(966005)(5660300001)(478600001)(229853002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR15MB1150;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: jB5Yz7RY59U42n53i/6qALcqgdJcO/Oub3GJnza7VU04XMOncEjwYnYINCZyvNWsQFY+y0httExsohkUrybFZ4qaDqRmw4n25AGH6J6yOxx5Td0phKo/EAWERX4oMlsVNxuIx39sR7WPzCc2M1uAmyLu1A5uxc8AmBr1PVK53b/sTcDQZew3/Odt8ZOpigV9
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR15MB1821F33BAB20815A38EB34A2B66B0MWHPR15MB1821namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 6ec43089-353c-4f35-f744-08d5c05ce8dd
X-MS-Exchange-CrossTenant-Network-Message-Id: 6ec43089-353c-4f35-f744-08d5c05ce8dd
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2018 03:26:01.7436 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1150
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-23_02:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 May 2018 03:26:12 -0000

As an implementor of fizz, I support this design and am willing to implement this as well.

While this is a change in the API that TLS classically exposes, I think this is the right tradeoff because it helps make things way more explicit which will prevent several other bugs from happening in the future.


From: QUIC <> on behalf of Martin Thomson <>
Sent: Tuesday, May 22, 2018 8:00:40 PM
To: Ian Swett
Subject: Re: Stream0 Design Team Proposal

First of all, thanks to the design team for the work they have done.  I
haven't digested everything yet, but I think that I have a good sense of
the shape of the proposal.

Overall, this looks like a workable design.  It's a lot more invasive of
the cryptographic handshake implementation than I had thought people were
willing to stomach originally.  But it's clear that we've run into problems
with the current, more abstract API and this is a fairly natural way to
split TLS.  I've spent a little time thinking about how this might be
implemented and I think that it's not going to be *too* painful.  The proof
will be in the pudding there though.

In looking at the PR, I really appreciate seeing all the changes together.
BTW, the link above points to the wrong PR, so be careful (it appears to
have the same content, but that's not guaranteed).  The actual PR is here:

I've pushed a branch to the main repo so that you can preview the entire
document set:

It seems like there are some core changes here and a bunch of separable or
at least secondary changes.  I'm sure that each one has its own
justification, but that isn't always clear. The following changes seem like
they are separable:

* The use of separate packet number spaces
* The Retry packet changes (and NEW_TOKEN)
* The TLS extension for flow control

Right now, some of these appear to be entirely gratuitous.  I'd like to get
to the bottom of each before we continue.

At a minimum, the PR we land first should include just the core changes.
As you say, reviewing a monster PR like this will only make GitHub weep
unicorns, but we might be able to cut this into smaller pieces.

On Wed, May 23, 2018 at 11:31 AM Ian Swett <ianswett=> wrote:

> Dear QUIC WG,

> On behalf of the Stream 0 Design Team, I am pleased to report that we
have consensus on a proposed approach to share with the WG. The DT's
proposal will make QUIC and TLS work closer together and incorporates ideas
from DTLS, but it does not use the DTLS protocol itself.

> The DT believes this solves the important open Stream 0 issues. The
proposal will be a bit more invasive in TLS, but we believe it is the right
long-term direction and several TLS stacks (BoringSSL, PicoTLS, NSS, and
Mint) are willing and able to do the work necessary.. A number of stacks
are currently working on implementations of this new approach, which we
hope to have in time for the Interim meeting.

> A design document describing the overall approach can be found at:

> A PR making the changes to the QUIC documents can be found at:


> A few design details did not have clear consensus, but it was felt it
would be better to discuss those in the wider WG than delay the design
team.  A consistent choice was made in the PR and these issues are
mentioned in Appendix B of the design doc.

> As always, comments and questions welcome. That said, this is a big PR
and we recognize that some editorial work is going to be needed before
merging. In the interest of letting people follow along, and to keep github
from falling over, we ask people to keep discussion on the mailing list and
refrain from making PR comments.

> See you in Kista!

> Ian and Eric