RE: Exercising Version Negotiation

Mike Bishop <mbishop@evequefou.be> Thu, 22 March 2018 15:46 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0716C12D942 for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 08:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2J-FVnXqb0Ux for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 08:46:21 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0139.outbound.protection.outlook.com [104.47.38.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 950DD127419 for <quic@ietf.org>; Thu, 22 Mar 2018 08:46:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector1-evequefou-be; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=p+iWGczHYQ/c90I088JoE7IUWpzjuFfr6LxyDWIEgQA=; b=M0K5CJj1Bn4Wmmted1jTvYjcCXulczgUuCA+5EgCmJZTAaAveky+JzJFJ8aS0oTxr4s/6eylGRUzfmitfKF0P2NtF5QAvlvYQvB0G6T6i2X+k0HBo4AKbK7zMAXOxYnQjGUb4vx/ADE6KN0VWkY0Bgf7qChxYP9kMIAZrMu0Czc=
Received: from SN1PR08MB1854.namprd08.prod.outlook.com (10.169.39.8) by SN1PR08MB1981.namprd08.prod.outlook.com (10.169.39.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.588.14; Thu, 22 Mar 2018 15:46:18 +0000
Received: from SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::b057:7190:752f:8cb9]) by SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::b057:7190:752f:8cb9%13]) with mapi id 15.20.0588.017; Thu, 22 Mar 2018 15:46:18 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Eric Rescorla <ekr@rtfm.com>, Ryan Hamilton <rch@google.com>
CC: IETF QUIC WG <quic@ietf.org>
Subject: RE: Exercising Version Negotiation
Thread-Topic: Exercising Version Negotiation
Thread-Index: AQHTwdXv2thOH1c5TkuiwKT5TsenmqPcS1kAgAAEWICAAAR94A==
Date: Thu, 22 Mar 2018 15:46:18 +0000
Message-ID: <SN1PR08MB1854DD71FDCB9FBA48DD26E9DAA90@SN1PR08MB1854.namprd08.prod.outlook.com>
References: <CABcZeBMv5BqZOtgVA2wfqaaGCd94gcNPB9bTXkrvNXXRveU8wA@mail.gmail.com> <CAJ_4DfQ6zqVeUUF7XcoT110kVcP1BJFEtqVR-+FN5XD2UuRMMA@mail.gmail.com> <CABcZeBMVNy151rFntLutSPtctPsd2Ei3Qy-ChuEXVMVpz4pgdQ@mail.gmail.com>
In-Reply-To: <CABcZeBMVNy151rFntLutSPtctPsd2Ei3Qy-ChuEXVMVpz4pgdQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2001:67c:370:1998:5a4:9c18:7c96:a094]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN1PR08MB1981; 6:96/Jyfgy8m1temrZOND8UEGcJ828U9xqIgM7mCHI1OWxwFwMMTK9k5cvYP6+imJQPOgrboGU4kEGuSRizbWAIKvq+0kVXbL551o2UdeL338S+L1S0fxh1IsMuWqK/5TTLC42ob+AjCy0JJakTk8cMmxkFGEVzA73a+lZELgM9gjzwKgWgQxXenvf51+7vlzk4qkedTywZzZtAQsZr2fkC2L0ZOfs+13ZOkr5MY9H1+IqSrB3A/zooHA/m/+YtpZlwypDQCLYE1K9bwYoeKJVcEUbsp4IOgpNFCwdtYvsbwIcYju+QbdT6i3K9XAGMzJpBl3bvAp0MMYslq/aryZM/eGulQp8jUBac/zeQL+SRmKDM9hyKhJ5dh2y1IVRWjHc; 5:luSHy0gxtI/e2bBnqXoPnlnKRp2faz+Sp69j8jDPNyggThWnepJDAnruzaGUi+qRU94f9xY8KCcVJat7R3auThBjuVWNfj1d9xR4M45lIyKYXYDDN+bQ+N+8fKTUPH6R3CJ4OOO9P1zSOd12fSy3xB8/BZxaf8i3hi6R3qwZ20s=; 24:4wgBrPOse0JoTXyx3xBWPckVtftH3tqL+6JFFewd9rE5rZfn7qUAYUJnPznQJ52OKTN4ZJ1x97kvZ4xREiUmJQJs8d9XVlZAoSmaRvxU82U=; 7:wbo+lwNeTnhaDe/+RuLaX78BVGJ8OtWB6dASCoj/6fK9nV0MzMpi6TscgpwFdm/fkmvd0gISYur32UH8Luar7foRVFbO0XVnAgZILb7lZr4TX+oBw/kqmZcXSFaMlEb9waVpiO+m0WdzKPYVRip0Iuj48eef04N0hwkhxBLZFJgo6FNAWxINjFohv5WuVSssmCyuKT7fMMo0IjxeNgdNf4O2EWvEONfJ9Dk1Sjw+mexA8keopfm6o2wkHNQ+jo3Q
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c66f8e1d-de06-43be-e9fa-08d5900c0d84
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(3008032)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:SN1PR08MB1981;
x-ms-traffictypediagnostic: SN1PR08MB1981:
x-microsoft-antispam-prvs: <SN1PR08MB1981DF46589D220C9C299EE9DAA90@SN1PR08MB1981.namprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(211936372134217)(153496737603132)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(3231221)(944501327)(52105095)(10201501046)(6041310)(20161123564045)(20161123558120)(20161123560045)(2016111802025)(20161123562045)(6043046)(6072148)(201708071742011); SRVR:SN1PR08MB1981; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1981;
x-forefront-prvs: 0619D53754
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(39380400002)(396003)(376002)(346002)(366004)(189003)(199004)(68736007)(790700001)(236005)(6116002)(74316002)(8676002)(25786009)(3280700002)(5250100002)(229853002)(2906002)(53546011)(105586002)(6246003)(53936002)(33656002)(561944003)(11346002)(446003)(55016002)(102836004)(4326008)(5660300001)(9686003)(6306002)(3660700001)(54896002)(2900100001)(110136005)(14454004)(99286004)(316002)(19609705001)(478600001)(6436002)(46003)(86362001)(3480700004)(74482002)(106356001)(6506007)(97736004)(81166006)(81156014)(76176011)(8936002)(7116003)(7696005)(186003)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR08MB1981; H:SN1PR08MB1854.namprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:0; LANG:en;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-microsoft-antispam-message-info: AXs7mlNfsT2pIdjbwQp54TwFj9wFrSl31eqmXbcKXfJmUvGmSwXMYT3rg5o/eGRyrDTPBcvNLc9zMWwstHlioSiy1EjpiZDW0PJZKeVC63tcRnHqM646Ug69vKdxGDrk0pYBUcAhWGLZYvTSCxA2lnjd5QTHAwgNblgh/9Mr0rAjPKshAHSux4iG+0T3mRuRsY42vKZoiMeUr8u7wb8K81JV0E6+UZfPHMnmvAw1nIy0ImYWb9DdsY/c2p2E+0i8sMB6nqal1JOx1PdwS1kHUCQjHFvwXpenv7s1OqP0n6hs+jIGIlQxjopTpDCbKXADuOO0odVCJ8usXiy7K8pdDA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN1PR08MB1854DD71FDCB9FBA48DD26E9DAA90SN1PR08MB1854namp_"
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: c66f8e1d-de06-43be-e9fa-08d5900c0d84
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2018 15:46:18.2364 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR08MB1981
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QUlcd4kUypIUhLmlD2DKtW3HNAE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 15:46:25 -0000

Technically, no, it wouldn’t.  Servers accept if they’re capable/willing to speak the version the client selected, so a server that supports both would always accept no matter what the client chooses.  You’d need the server to be contrarian a small percentage of the time instead.

From: QUIC <quic-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Thursday, March 22, 2018 2:26 PM
To: Ryan Hamilton <rch@google.com>
Cc: IETF QUIC WG <quic@ietf.org>
Subject: Re: Exercising Version Negotiation

It would exercise the former.

-Ekr


On Thu, Mar 22, 2018 at 2:10 PM, Ryan Hamilton <rch@google.com<mailto:rch@google.com>> wrote:
When you say Version Negotiation, do you mean the process of sending an receiving a version negotiation packet, or simply the act of speaking two different versions? Your proposal seems to be the latter but I don't think I follow how it would exercise the former, though maybe that's intentional?

On Thu, Mar 22, 2018 at 5:03 AM, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
Following up on the discussion at the mic, I do think it is useful to exercise the VN function, but I don't think it's useful to have those versions be different, because that creates perverse incentives.

Here's what I suggest instead: create two versions (we can call them QUIC v1+i  and QUIC v1-i), each with its own code point [0]. They should be essentially identical except for two trivial differences, intended to ensure that if you screw up version negotiation, you get failed interop.

- The constant in the handshake salt (5.2.2)
- The HKDF expansion constants

I suggest we handle each of these by just inverting the bits.

We would then suggest to people that they somewhat randomize their preferences (e.g., 99% of the time prefer v1+i, 1% of the time prefer v1-i). This will almost always result in matching versions, but will occasionally result in a mismatch, thus forcing us to test VN.

-Ekr

[0] Obviously we can do this for draft versions. We just say that the two versions are
ff0000XX and ffffffXX.