Re: New Version Notification for draft-duke-quic-v2-00.txt

Christian Huitema <huitema@huitema.net> Fri, 23 April 2021 19:38 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B0D93A1B46 for <quic@ietfa.amsl.com>; Fri, 23 Apr 2021 12:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9badobfvZVW for <quic@ietfa.amsl.com>; Fri, 23 Apr 2021 12:38:42 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B87923A1B3D for <quic@ietf.org>; Fri, 23 Apr 2021 12:38:41 -0700 (PDT)
Received: from xse381.mail2web.com ([66.113.197.127] helo=xse.mail2web.com) by mx135.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1la1dM-000VZH-5k for quic@ietf.org; Fri, 23 Apr 2021 21:38:37 +0200
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4FRl2b56b3z2TFc for <quic@ietf.org>; Fri, 23 Apr 2021 12:38:31 -0700 (PDT)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1la1dH-0005vu-JO for quic@ietf.org; Fri, 23 Apr 2021 12:38:31 -0700
Received: (qmail 29074 invoked from network); 23 Apr 2021 19:38:28 -0000
Received: from unknown (HELO [192.168.1.105]) (Authenticated-user:_huitema@huitema.net@[172.58.43.58]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <lucaspardue.24.7@gmail.com>; 23 Apr 2021 19:38:28 -0000
Subject: Re: New Version Notification for draft-duke-quic-v2-00.txt
To: Martin Duke <martin.h.duke@gmail.com>, Marten Seemann <martenseemann@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>, Lucas Pardue <lucaspardue.24.7@gmail.com>
References: <161911211931.14837.5258716888014139826@ietfa.amsl.com> <CAM4esxQqjy6WC_6xo8c27qX_CFoyrGW=CMc-od-pmijkuptOCw@mail.gmail.com> <CALGR9oYewRHFgKYm8eyxQyB=HU7afsm2XFR3YPGW4RD6bQYysQ@mail.gmail.com> <CAM4esxQes0NBv3_o8LqH7ozrg1_i_VMpzS30c-MyNtHg6n6vRQ@mail.gmail.com> <CAOYVs2pgJmtetCifvtT_9MQes9f57w9=oCdNLGFHcTGJSU1OTQ@mail.gmail.com> <CAM4esxRPbBLV2VaeQMmQ2eCaCYQa3a=ATxMYRZm4WEE813EpYQ@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <5aa938d7-609a-f931-bc6f-8e06eb2c881b@huitema.net>
Date: Fri, 23 Apr 2021 12:38:27 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <CAM4esxRPbBLV2VaeQMmQ2eCaCYQa3a=ATxMYRZm4WEE813EpYQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: 66.113.197.127
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: ham
X-Spampanel-Outgoing-Evidence: Combined (0.06)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9yhQl2u5eAe4W6Tzvlq6N/PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5x6h2yQpzTslcOqazQkKtAFKj/EwzSHE5FGYwwjsNRPCPwO gQVW72GeNnFALwUCzUXmD6wdmZPcItWbGe10hXJtXL4FsauCVkDjmcYJdU3yWp7KuHNaaKdg7iBE ZefdsNUFWKwa/wzJUjmazeC7Imca+xnn3Ohf8XY5WZ+f/Kk3UxQ6V51u76v35b1wNe/MvdL/hXir I7jpLA3NtNK1rbkD2+J9PgaoF8SQHto3le4zsAApCVB1N/BtJyJqv7YkIyyKggeTQ85o+W6+jEZD z+LhiyQEs+dlGXUJLWZ+Gc08Nmllke3azHdKmySKNUVQl4ntlVxnbS8qIO7oudHyb2T1VQ58xe/l rqiRGalI3YPsxOTrFXToVyBmRCgQVX6zVyFUu8qzeMQP6uTHL0d9UjfY+eX5ZvcELCIKs663F/co VFYFvf25LVONYbYifH5OzZDcG6hsRQZiAIgw+z837AqgX7ewI8e1h7RITgN14BHmGVt/ReJ9Mfhz zmbKTH7wI9GEU1utNskUAORCV2WFZX0jbxW6GxiepYzqTv57qmkj0l7lLXQUcNAszDsnoUOr0Bgc 5OFCptaDbqdugliFTsEyOI+gTB/pfSlbi1HgG7umZ25gpnihbI3Vv1c2tRvdVD2GbN7BITAZon7Z Iz1ONK9yUo4/+EUytKrR9Md9I2Rs1+Vyy9AdMIG7z2xACOsZ7O1PCC/cRgvQKtcrMMueERx3ekup +hhwgkR440hHC8mzYel4v7pH5CoCKIXYbiHwVSaIaIzNoZzswxuMaWjBAlpwRfZtRZBCvewR5I5K jYFpd/Uf9oDBqtClgM5jH/om1Q5UomG0v+rwIiID/kwKc8V5Tj9+FRkaOS/DNjANmb8tO61SbYdY AwdpaVzHW7wHO7YhEWyJzIkwSFAW0Pw8uiKeubcolFl/rX+2ReQklqJDASQX2Id+W5hjJNcdGs0+ iHjXODmj5PX/tZQU3bYnWKpb
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/NqigafIBAv7TWEimHdLnsI7I-sY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 19:38:48 -0000

Martin,

For V1, we had a rule that the version "0x00000001" would only be used 
after we had finalized the RFC. Before that, drafts would define 
versions such as "0xFF00001D" for draft 29. Should you not follow a 
similar mechansim, and define something like version "0xFF0100nn" for 
the draft-nn of the V2 spec?

-- Christian Huitema

On 4/23/2021 8:44 AM, Martin Duke wrote:
> Hi Marten,
>
> I believe everything you say is true, but to me the main intent of the v2
> draft is in fact to exercise VN.
>
> On Fri, Apr 23, 2021 at 5:29 AM Marten Seemann <martenseemann@gmail.com>
> wrote:
>
>> Hi Martin,
>>
>> Thanks for writing this up. If there's interest in deploying v1 and v2 at
>> the same time, we could scratch the requirement to implement the version
>> negotiation draft. This would open us up to version "downgrade" attacks,
>> but given that the two versions have identical security properties (by
>> design), do we actually care?
>>
>> On the other hand, I'm not sure if deploying v2 right now would actually
>> help prevent ossification. Middleboxes are already used to seeing multiple
>> QUIC versions on the wire, since we have quite broad deployment of draft
>> versions, and some people controlling both endpoints are even using private
>> version numbers. One might argue that the one thing that will actually
>> prevent ossification won't be shipping one v2, but only proper greasing of
>> the field, e.g. by implementing some variant of your version alias draft.
>>
>> Regards,
>> Marten
>>
>> On Fri, Apr 23, 2021 at 1:22 AM Martin Duke <martin.h.duke@gmail.com>
>> wrote:
>>
>>> Hi Lucas,
>>>
>>> That's a great question that I hadn't considered.
>>>
>>> The answer depends on what the WG does with the scope of this, and how VN
>>> evolves.
>>>
>>> 1. If it turns out there are some useful v1 patches we want to land here,
>>> then there will be some churn.
>>> 2. The VN design is baked into v2, and that is not stable yet. While "v2"
>>> might never change, an implementation that advertises v2 may in fact
>>> instantiate non-interoperable VN designs that should not be aggregated into
>>> a single version codepoint (though I'd have to think through how to
>>> negotiate through mutating VN designs; I have probably made a conceptual
>>> error here). In fact this draft is probably a necessary component to doing
>>> proper implementation and testing of compatible VN (unless people keep the
>>> draft versions around).
>>>
>>> IMO if this gets to the point of implementation, it would be wise to use
>>> experimental versions until it progresses to RFC. I filed an issue to fix
>>> this: https://github.com/martinduke/draft-duke-quic-v2/issues/1
>>>
>>> Thanks,
>>> Martin
>>>
>>> On Thu, Apr 22, 2021 at 11:07 AM Lucas Pardue <lucaspardue.24.7@gmail.com>
>>> wrote:
>>>
>>>> Hi Martin,
>>>>
>>>> Thanks for writing this up.
>>>>
>>>> Speaking as an individual, I have some naive questions. Is this document
>>>> so trivial that it would never change between revisions? Or is there a risk
>>>> that something like initial salt in there might need to rev? To rephrase,
>>>> would the document be better off starting with a different QUIC version
>>>> value before interoperability discovers a problem and we've blown that code
>>>> point? We can always develop such a document with a target code point in
>>>> mind for use if the doc were to get adopted and run through all due process.
>>>>
>>>> Cheers
>>>> Lucas
>>>>
>>>> On Thu, Apr 22, 2021 at 6:52 PM Martin Duke <martin.h.duke@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello QUIC,
>>>>>
>>>>> I believe it was MT that threatened to do this a long time ago, but to
>>>>> work through compatible version negotiation I wrote up a trivial QUICv2
>>>>> (below) that just changes the initial salts. This caused me to figure out a
>>>>> couple of things about VN that may have been obvious to others but not to
>>>>> me.
>>>>>
>>>>> TL;DR we made the right decision to keep both in the draft.
>>>>>
>>>>> 1. One very possible world is one where firewalls ossify on expecting
>>>>> v1 in the first packet, but don't care about subsequent packets. Compatible
>>>>> VN is well-designed for this world, as Client Initials (and 0RTT, sadly)
>>>>> can be v1 essentially forever and subsequent packets can be whatever we
>>>>> want.
>>>>>
>>>>> 2. If all versions are compatible, choice of VN method is essentially
>>>>> up to the client, but not quite deterministically: it can pick either a
>>>>> likely supported version or an unlikely one. If unlikely, the server will
>>>>> either accept it or send a VN. If likely, the server MUST use compatible VN
>>>>> to change the version, since it can't send a VN packet that contains the
>>>>> initial version unless it doesn't have full support for it.
>>>>>
>>>>> Anyway, this v2 draft is available for your consideration if people
>>>>> want to quickly iterate a new version, and/or we need a vehicle for fixes
>>>>> to v1.
>>>>>
>>>>> Thanks
>>>>> Martin
>>>>>
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: <internet-drafts@ietf.org>
>>>>> Date: Thu, Apr 22, 2021 at 10:22 AM
>>>>> Subject: New Version Notification for draft-duke-quic-v2-00.txt
>>>>> To: Martin Duke <martin.h.duke@gmail.com>
>>>>>
>>>>>
>>>>>
>>>>> A new version of I-D, draft-duke-quic-v2-00.txt
>>>>> has been successfully submitted by Martin Duke and posted to the
>>>>> IETF repository.
>>>>>
>>>>> Name:           draft-duke-quic-v2
>>>>> Revision:       00
>>>>> Title:          QUIC Version 2
>>>>> Document date:  2021-04-22
>>>>> Group:          Individual Submission
>>>>> Pages:          5
>>>>> URL:
>>>>> https://www.ietf.org/archive/id/draft-duke-quic-v2-00.txt
>>>>> Status:         https://datatracker.ietf.org/doc/draft-duke-quic-v2/
>>>>> Html:
>>>>> https://www.ietf.org/archive/id/draft-duke-quic-v2-00.html
>>>>> Htmlized:       https://tools.ietf.org/html/draft-duke-quic-v2-00
>>>>>
>>>>>
>>>>> Abstract:
>>>>>     This document specifies QUIC version 2, which is identical to QUIC
>>>>>     version 1 except for some trivial details.  Its purpose is to combat
>>>>>     various ossification vectors and exercise the version negotiation
>>>>>     framework.  Over time, it may also serve as a vehicle for needed
>>>>>     protocol design changes.
>>>>>
>>>>>     Discussion of this work is encouraged to happen on the QUIC IETF
>>>>>     mailing list quic@ietf.org or on the GitHub repository which
>>>>> contains
>>>>>     the draft: https://github.com/martinduke/draft-duke-quic-v2.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Please note that it may take a couple of minutes from the time of
>>>>> submission
>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>>
>>>>> The IETF Secretariat
>>>>>
>>>>>
>>>>>