Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
Nick Harper <nharper@google.com> Thu, 10 October 2019 21:52 UTC
Return-Path: <nharper@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A68120059 for <quic@ietfa.amsl.com>; Thu, 10 Oct 2019 14:52:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.499
X-Spam-Level:
X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lnjjqeu71aub for <quic@ietfa.amsl.com>; Thu, 10 Oct 2019 14:52:28 -0700 (PDT)
Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0A7D120041 for <quic@ietf.org>; Thu, 10 Oct 2019 14:52:27 -0700 (PDT)
Received: by mail-oi1-x22a.google.com with SMTP id i185so6269193oif.9 for <quic@ietf.org>; Thu, 10 Oct 2019 14:52:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FUzsp9q5XdGNUc+ze9nnMDQ2vdAWqojjqD1Wg9G0SuA=; b=L5y+drfJaWK4ubTUyA344sHyuQ/hl7hnrbL8fqbHpR46/SGTMvgfnpzvRnAB2sRxJU O2OVE+whwekYVdzMWQnoNK31/TwpEbjjmhXeaAx6MV0VReoR68QpMwD+8FQLplijZe49 Mk76E7AxOaTfUM8Mx6hLgmIeCxXx/r4ZL59qprJTAJH2ym2QH1OD1nXJ1OoHNIBRTxKi WYyaoFxoRpoIRSS8BYvn9F1f8msnr/n0JrIkmdPPLf6R4xIeCfISR4HasDugHP0R6+Sb BbKd0wvPDt0qZdAH6owe/dT7aDCZpcbz0xjOpUtElPhFd8/Z7+xnR9/mYQ51hZd/gIG/ wGZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FUzsp9q5XdGNUc+ze9nnMDQ2vdAWqojjqD1Wg9G0SuA=; b=L6y1VSRZPsmE6RSGYR/YrZI+q3ifviTwSqBirKFLXQDYBUnXnrx9k2Ar1ameeKTjnU PhXmWH7DvT1Up7LpjxPoWvj/ivktXR5FBx8PiY5esGOPQd8f3sshWbX0G7/DltebYnGi lDCiUYDF+OuCHVMJnA8KCyAsVFOlAuW1kQQGY/zOr4X3h3F67PCWM6sJ0PKGzkhHOvoQ q+azxr8GFIce4R4iuTUaQSTJn81jJJgugWkm24PCIuKomUUL1r9yAMW4xz0l3p12DSAQ Z6KQguHHvBJbBXWRQIjER4GcKpb/CYaZ8aPM23dKvwTJPo7GlDMVrVez3F2kCtChKria 7xKA==
X-Gm-Message-State: APjAAAVRZjiAgskTP2se9hRgCTGhbc4YWKTTBJcdoCddH4gFfOf8O8bx DwBHh+8ZvR6APjReG78RMiZOHWmsXBuc+p1HCB48SA==
X-Google-Smtp-Source: APXvYqzeTStULfmfm6D67yzynwn3xc7ykJTfkP7lJN6yqp96+9wCWQX1Mld2l0T0h6fDTa19UxHpqmETUnmJgwHk+y8=
X-Received: by 2002:aca:6087:: with SMTP id u129mr9801017oib.149.1570744346577; Thu, 10 Oct 2019 14:52:26 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com> <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com> <CACdeXiJFSo0-oK60ONnVfXFN66nO5f292m65znD9MW4DKRJJfg@mail.gmail.com> <CAPDSy+49Kk1GUS+WoyNaKTJ2AnyvhYmiAMXQk-Oi-Xczgenquw@mail.gmail.com> <CANatvzwb_Yp9dhpQv+Adv6JGk-wFYrc4XnJ0H7waNFzqb02wDg@mail.gmail.com> <CAPDSy+4aFG_JUUQYxhXFUmhShXML58uSp2v+pEW9cy6FPcyuCw@mail.gmail.com> <CANatvzw5fXE-JuYvGegSm1yP38XHcjyUx5mbz53KAJJECVsfMQ@mail.gmail.com>
In-Reply-To: <CANatvzw5fXE-JuYvGegSm1yP38XHcjyUx5mbz53KAJJECVsfMQ@mail.gmail.com>
From: Nick Harper <nharper@google.com>
Date: Thu, 10 Oct 2019 14:52:14 -0700
Message-ID: <CACdeXiLnnAWwz5cBg=hYJoVLQkSOJYRubySjTfXP7UQ4OQ6xYA@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>, Ted Hardie <ted.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000cfe5d40594956aab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/WW3VoKh0mNQd_Ietf5DEdjjoRhk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2019 21:52:32 -0000
I filed https://github.com/quicwg/base-drafts/issues/3086 for this issue and so we can discuss it next week in Cupertino. On Wed, Oct 2, 2019 at 4:50 PM Kazuho Oku <kazuhooku@gmail.com> wrote: > 2019年10月3日(木) 6:21 David Schinazi <dschinazi.ietf@gmail.com>: > > > > If we decide that the first requests need to operate without knowledge > of settings, > > we're effectively crippling the main extension mechanism we have in > HTTP/3. > > I'm not comfortable saying that for the entire lifetime of QUICv1 we > cannot have > > extensions that impact the first requests. That feels like painting > ourselves into a corner. > > > > There are many features that we can punt out of QUICv1 and figure out > later as extensions, > > but it's critical that we build an extension mechanism that allows that. > > For HTTP/3, I think that we'd likely be fine with not having settings > delivered before issuing requests. That's how HTTP/2 has been, and we > are used to dealing with that. Though admittedly, QPACK is more > disciplined on what can be done in such case compared to HPACK. > > Other application protocols using QUIC v1 can define their own TP, if > having settings exchanged before 1-RTT data becomes a critical issue > for them. > > > > > On Tue, Oct 1, 2019 at 6:23 PM Kazuho Oku <kazuhooku@gmail.com> wrote: > >> > >> 2019年10月2日(水) 9:21 David Schinazi <dschinazi.ietf@gmail.com>: > >> > > >> > Additionally, the current status quo makes it hard to have SETTINGS > >> > play nicely with 0-RTT. Fixing this is important to deploying IETF > QUIC. > >> > >> While I understand and share the pain, I am not sure if this should be > >> a blocker for QUIC v1, as 0-RTT is essentially a must-implement for > >> HTTP/3 (the primary application protocol for QUIC v1). > >> > >> 0-RTT requires clients (and servers) to operate without the knowledge > >> of the settings that are sent by the server. Until the client receives > >> the settings of the server and switches to using 1-RTT packets, the > >> client is expected to use the settings of the previous connection. The > >> server is expected to accept 0-RTT only if it knows that the settings > >> parameters of that the client is using for 0-RTT. > >> > >> Assuming that we cannot remove this requirement, I do not think it's > >> too complicated to require endpoints when using 1-RTT to operate > >> without the knowledge of settings (i.e. operate with a very > >> conservative set of properties) until it receives the settings from > >> the peer. > >> > >> > We're chartered to produce a protocol with fast connection > establishment, > >> > and if we fail to negotiate options and extensions nicely with that, > we'll > >> > harm extensibility long-term and cause deployment of damaging > workarounds. > >> > > >> > David > >> > > >> > On Tue, Oct 1, 2019 at 4:41 PM Nick Harper <nharper= > 40google.com@dmarc.ietf.org> wrote: > >> >> > >> >> I think it loses most of its utility if it's not a v1 feature. The > >> >> main motivation for the feature is to simplify application protocols. > >> >> At the time that v2 is introduced and application protocols are being > >> >> specified to use it, existing application protocols will already have > >> >> an application-specific way to negotiate params, so they will > continue > >> >> to use that instead of using both the existing application-specific > >> >> mechanism (for v1) and v2-only application parameters feature (for > >> >> v2+). (I'm assuming that as applications switch from using QUIC v1 to > >> >> QUIC v2, it will be like upgrading H2 from TLS 1.2 to TLS 1.3, > instead > >> >> of like upgrading H2 to H3.) > >> >> > >> >> On Tue, Oct 1, 2019 at 1:51 PM Eric Rescorla <ekr@rtfm.com> wrote: > >> >> > > >> >> > Does this need to be a 1.0 feature? > >> >> > > >> >> > On Fri, Sep 27, 2019 at 12:13 PM Ted Hardie <ted.ietf@gmail.com> > wrote: > >> >> >> > >> >> >> Hi Nick, > >> >> >> > >> >> >> Two points in addition to the privacy issue already raised make > me concur with Roberto that this should be v2 or later. The first is this: > >> >> >> > >> >> >> "Negotiating or advertising features is something multiple > applicationswill need to do and is not a feature specific to H3." > >> >> >> > >> >> >> Absolutely true, but there is also a fairly large variability in > how applications do this. If we design something now that works for H3, it > may very well be sub-optimal or useless for later application targets. > Getting something general enough to handle DNS, WEBRTC, SMTP, plus the > various flavors of IoT protocols I've heard as targets hoping to move to > QUIC is going to take time and care, and it will block completion of v1. > >> >> >> > >> >> >> The second is this: > >> >> >> > >> >> >> *The other downside is that if too much data is put in > application parameters, it could cause the number of packets for a client > or server’s flight to go from N to N+1, which would increase the chance of > head of line blocking. > >> >> >> > >> >> >> Depending on what counts as application parameters, this could be > more than N+1. Someone running NETCONF over QUIC, for example, would be > using a fairly verbose syntax in which each parameter is a full URN. > >> >> >> > >> >> >> regards, > >> >> >> > >> >> >> Ted Hardie > >> >> >> > >> >> >> > >> >> >> On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper= > 40google.com@dmarc.ietf.org> wrote: > >> >> >>> > >> >> >>> I propose introducing application parameters to the QUIC > handshake and > >> >> >>> using this new mechanism for H3 SETTINGS instead of sending them > as > >> >> >>> the first thing in the control stream. Application parameters > would > >> >> >>> allow applications using QUIC to advertise or negotiate > >> >> >>> application-specific parameters during the cryptographic and > transport > >> >> >>> handshake. It would guarantee that the client and server have > >> >> >>> exchanged their application parameters once the handshake is > complete. > >> >> >>> > >> >> >>> Specifically, I’m proposing a new “application_layer_parameters” > >> >> >>> transport parameter, which when sent by the client is a series > of ALPN > >> >> >>> identifiers with an opaque blob of application parameters per > >> >> >>> identifier, and when sent by the server is a single opaque blob > of > >> >> >>> application parameters for the application identified in the ALPN > >> >> >>> extension. > >> >> >>> > >> >> >>> Negotiating or advertising features is something multiple > applications > >> >> >>> will need to do and is not a feature specific to H3. Whatever we > do in > >> >> >>> H3 will likely be copied by other applications using QUIC. By > >> >> >>> providing a general mechanism in QUIC transport, we provide > >> >> >>> applications with a consistent way of achieving this goal. QUIC > has a > >> >> >>> design pattern of collapsing multiple layers into one to save on > round > >> >> >>> trips (e.g. combining crypto and transport handshake); this fits > in > >> >> >>> with that pattern. > >> >> >>> > >> >> >>> Using application parameters for H3 SETTINGS clears up some > issues. H3 > >> >> >>> doesn’t need to specify that an endpoint shouldn’t wait for its > peer’s > >> >> >>> SETTINGS since they’ve already arrived. Likewise, there is no > >> >> >>> confusion about whether SETTINGS arriving after session tickets > are > >> >> >>> bound to the session tickets; SETTINGS arrives before the > tickets and > >> >> >>> the client doesn’t need to wait for the receipt of SETTINGS to > bind > >> >> >>> them to the ticket. It also simplifies the server binding > SETTINGS to > >> >> >>> the ticket since that is done as part of binding transport > parameters > >> >> >>> to the ticket. > >> >> >>> > >> >> >>> This also provides opportunities for future features. Since the > >> >> >>> exchange of SETTINGS occurs before application data, a new > feature > >> >> >>> doesn’t need to be specified in a way to provide an upgrade path > from > >> >> >>> “vanilla” H3 to something including this feature, and instead be > >> >> >>> guaranteed that the new feature can be used for the entire > connection. > >> >> >>> > >> >> >>> Without application parameters, each application that needs to > >> >> >>> advertise or negotiate application settings needs its own > mechanism to > >> >> >>> do so. This would result in multiple transport parameters or > >> >> >>> extensions leading to duplication of work and layering > violations.. > >> >> >>> Applications could instead exchange these settings in application > >> >> >>> data, meaning that each application needs to define the > semantics of > >> >> >>> application data received before and after the settings have been > >> >> >>> exchanged, as H3 currently does. > >> >> >>> > >> >> >>> There is already a demonstrated need for an application > parameters > >> >> >>> mechanism in the QUIC handshake. One example is > >> >> >>> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 > which is > >> >> >>> currently using a “web_accepted_origins” transport parameter but > could > >> >> >>> easily use an application parameters mechanism instead. > >> >> >>> > >> >> >>> I see two downsides to this proposal. The first is that the > client’s > >> >> >>> application parameters are sent in the clear. Application > designers > >> >> >>> will need to make a decision of how much they want to use this > >> >> >>> functionality (they could limit what is sent by the client or > only use > >> >> >>> application parameters in the server direction). For H3, there > are > >> >> >>> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY, > QPACK_BLOCKED_STREAMS, > >> >> >>> and MAX_HEADER_LIST_SIZE, which do not reveal any information > about > >> >> >>> the user or the server they are connecting to and are likely > constant > >> >> >>> per H3 implementation. > >> >> >>> > >> >> >>> The other downside is that if too much data is put in application > >> >> >>> parameters, it could cause the number of packets for a client or > >> >> >>> server’s flight to go from N to N+1, which would increase the > chance > >> >> >>> of head of line blocking. > >> >> >>> > >> >> >>> Related issues: > >> >> >>> https://github.com/quicwg/base-drafts/issues/2790: Binding > settings > >> >> >>> into session tickets > >> >> >>> https://github.com/quicwg/base-drafts/issues/2945: When to send > the > >> >> >>> SETTINGS frame > >> >> >>> https://github.com/quicwg/base-drafts/issues/2783: Consider > making > >> >> >>> SETTINGS part of the control stream header > >> >> >>> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS > into > >> >> >>> TLS Handshake > >> >> >>> > >> >> > >> > >> > >> -- > >> Kazuho Oku > > > > -- > Kazuho Oku >
- Add application parameters to QUIC handshake and … Nick Harper
- Re: Add application parameters to QUIC handshake … Christian Huitema
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Mikkel Fahnøe Jørgensen
- Re: Add application parameters to QUIC handshake … Ian Swett
- Re: Add application parameters to QUIC handshake … Lucas Pardue
- Re: Add application parameters to QUIC handshake … Roberto Peon
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Eric Rescorla
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Dmitri Tikhonov
- Re: Add application parameters to QUIC handshake … David Schinazi