Re: Proposal: Run QUIC over DTLS

Christian Huitema <huitema@huitema.net> Fri, 09 March 2018 17:42 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E00FC1270AB for <quic@ietfa.amsl.com>; Fri, 9 Mar 2018 09:42:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 39GW4GPjp1_1 for <quic@ietfa.amsl.com>; Fri, 9 Mar 2018 09:42:51 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C26EF1241FC for <quic@ietf.org>; Fri, 9 Mar 2018 09:42:50 -0800 (PST)
Received: from xsmtp01.mail2web.com ([168.144.250.230]) by mx62.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1euM2U-0000Mg-3j for quic@ietf.org; Fri, 09 Mar 2018 18:42:42 +0100
Received: from [10.5.2.35] (helo=xmail10.myhosting.com) by xsmtp01.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1euM2R-0003gI-On for quic@ietf.org; Fri, 09 Mar 2018 12:42:40 -0500
Received: (qmail 27450 invoked from network); 9 Mar 2018 17:42:38 -0000
Received: from unknown (HELO [192.168.1.101]) (Authenticated-user:_huitema@huitema.net@[172.56.42.195]) (envelope-sender <huitema@huitema.net>) by xmail10.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ekr@rtfm.com>; 9 Mar 2018 17:42:38 -0000
To: Gabriel Montenegro <Gabriel.Montenegro=40microsoft.com@dmarc.ietf.org>, Leif Hedstrom <leif@ogre.com>, Martin Duke <martin.h.duke@gmail.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, "quic@ietf.org" <quic@ietf.org>, Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBO9g5vnPK2aGYEUOYOkT-898Gc0-d4T=kDvxuE2Yg6kMQ@mail.gmail.com> <CANatvzyevZrZciO3fTWFspp9utjKv9Z+PQ5F=yHKNBabssEsNw@mail.gmail.com> <MWHPR15MB182183BE8E6E0C3A97795315B6D90@MWHPR15MB1821.namprd15.prod.outlook.com> <CANatvzzARjNdr6Rms0r0yVn41JwtU6p9uNueq_ZROVzU19-1+A@mail.gmail.com> <b32d00a03ca148eca5a16e572d1030a0@usma1ex-dag1mb5.msg.corp.akamai.com> <CABcZeBMyKY8d3OUwF11NqYvgNswD7F1S8R7rXrKYXTaNPTkOxw@mail.gmail.com> <CA+9kkMBKE46GNHevhcnvBwJ1cbOb369-NKvtzQ7wDcnEZezg+Q@mail.gmail.com> <CAM4esxSkAhU2m6KiVAxibAYmCKFhBsyBCOMzJFfud6rQDMvHrA@mail.gmail.com> <17BE7149-8443-439D-993E-83368E5ECE8D@ogre.com> <SN4PR2101MB0734848E3F2B71512FA93F6495DE0@SN4PR2101MB0734.namprd21.prod.outlook.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <013f958c-1fbc-398a-1bbe-d370a1417ee6@huitema.net>
Date: Fri, 9 Mar 2018 09:42:36 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <SN4PR2101MB0734848E3F2B71512FA93F6495DE0@SN4PR2101MB0734.namprd21.prod.outlook.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Subject: Re: Proposal: Run QUIC over DTLS
X-Originating-IP: 168.144.250.230
X-AntiSpamCloud-Domain: xsmtpout.mail2web.com
X-AntiSpamCloud-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-AntiSpamCloud-Outgoing-Class: unsure
X-AntiSpamCloud-Outgoing-Evidence: Combined (0.25)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5iRw0q8k9Ov4wVlKKjRvZ6J602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiVigRlKcvAsIgdFbq8EdMyefc7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pBCnY1T4UEFfy74vbELeG6IB/TBCf6oYXAWGet lavcAjD9ytQxIHf9lN5jjLJaPK8lRJSPf/SXbEnDSsal/zZzc4n9VZdr7RAFD5mRwooUYhwMPaBP aKeQW+/QlaOdv8isl/qMm08Zpim2AHUKEWvQ6G/bWfgucjnNmABpGhD9TTttrFCuZ0NkwnSz2Luu o1u9uevuNfM1HjkNEFwape+IgNezYqxGMqsKjARq8PBC4qjSYb8Ll5Ew7esaVIVXxqL4mdySlZou 9qHIGOZDEEo7Oyc1nq0gsY582CWqKjiRB3ukywmZtiDkyd4mEBjJGGEJgawbllbHk+xyUKopM6rc KCaQX/lIXcRWtobViGg9fpW4c1OgHtPoe1bkMdZgVo8qbyehtyV7tpwonXkci8Jzobtbzh8VeqoI JHX4GB0qxgBz1HQkoj+jjvmw3UQ3Zextr+7/jg66NXUoieIpLIJirIV7hPvBDpgDmC+XXO9ws5qS dbWrmlMqpoC2dVXCySAV5ZxrRnRt4PqMzH3k7hTkr1YE7tCqypI5WX0qWh4YQLCw+Br0BizoMfgx dFd5tqYVbr8Ks0SqCpRWIiXMtOo8/pI8jnU4taLGlA8rnD8bXLVBfU8ctw02+BCtWDMNtlI8QKHY 6H+wSCoVvwvquzDDiBiyp9ZnkUf43DmQkwMxjMGYdub/YU/cH64QiTAnRDmAKMFEHS3+vt/Njsed NDmPw/Ld14/y82ebPziYNS9mrGcHWFhVQvKDd9aHm1tzPaYBnxycJOQKmrvtOUL1jquCMfd5HnMi k4ibTRVHi8subW0=
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/O_pHOZGzE2zHRLxybGkfCBXbDPw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Mar 2018 17:42:53 -0000

On 3/9/2018 9:24 AM, Gabriel Montenegro wrote:

> Another interesting result of this discussion is Subodh’s suggestion to clarify the interfaces between subsystems (“layering structure”): QUIC transport and packetization vs crypto on stream 0 vs UDP. 

In fact, the current QUIC design is a good example of the evolution in
protocol architecture from "layering" to "functional decomposition". The
layering approach, as popularized by the OSI model, consider the system
as a set of filters layered on top of each other. It is a powerful
approach, but it has limitations. The biggest limitation is tied to the
design principle: each layer obscures the view of the other layers; to
mitigate that, the layer API needs a set of pass-through functions, such
as for example passing a setsockopt to TCP across TLS.

In contrast, functional decomposition looks at big functions such as
reliability, forward error correction, real time delivery, and arranges
the protocol as an assembly of these functions. This is very much the
direction pointed to by TAPS. In the case of QUIC, the relation with TLS
is an example of such functional decomposition, treating TLS as a black
box that negotiates keys.

We can certainly agree that the stream zero approach is not ideal. It
may very well be that a set of TLS oriented frame types would be much
cleaner. But in my mind a strict layering approach on top of DTLS would
not be architecturally cleaner. I believe that it would be a step backward.

-- Christian Huitema