IETF Logo Mail Archive

Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS

Ted Hardie <ted.ietf@gmail.com> Wed, 02 October 2019 00:55 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB3E012009E for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 17:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94IjNueB-7r0 for <quic@ietfa.amsl.com>; Tue, 1 Oct 2019 17:55:29 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B6212008B for <quic@ietf.org>; Tue, 1 Oct 2019 17:55:28 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id n197so52893077iod.9 for <quic@ietf.org>; Tue, 01 Oct 2019 17:55:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CcRsMlrwcCDc+8ZLQHFaB8G/KSqvEB8B0k1RyOP+uT0=; b=u45wYxsTurb1yfgLfplV7t9ApdtRO24iy+TUHokEDLpS2eSrHTOD+h5OgX/Q1OkIZr s4DN7mDoozfcYi+73m7SeuSOF/TahHnTQ5wW9r0mrpGZcI3CvC0WYh2nSWrPSj0/ZDgK a8tJJuQKocIpthe4JzMYlcQCs3M388NwAcBkyyUCHrdZ/pJ4FqWpc11EkRVralZAZ60L eeQ0HS+pZIn9K2XsNay/rXmcQ7Idu7Lt37K3gv5v6EEfqTTNSgll1c0IzWOB7A+Ec57Q NQ+hbvPzpZ1B/nSexjHViRZe0GiPk55NtNB//1xAJkUUT+P29ZWd+MixMaC1noy3Gynk PnxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CcRsMlrwcCDc+8ZLQHFaB8G/KSqvEB8B0k1RyOP+uT0=; b=kO5fNsQ4zfrwkQWoQNm5+OOkrE9ixBCW54JI4yf9tzwsfsqEMbIWY1qVmhWc/pQYUb KEmH+KTIjiUu8zAVGH89tJpRU0ixTl1h0yfnuslLucVhEoZ9ACkamHYtTCZXWwYoS+qB mWoiNYWHXBVXOtFktbLgemhCT8kmyXW3uj7fCwryXQk9ABS6xcXKI/d/w7MPZj2ansJZ 7uiqJOWGR9sR6g2BLUXtB7LdUB8vWo27exArNuVVQGCRclA7RvKLgaI4RZWZ0qELV0KF 836OWsJwpbw+9td4CmEvXCvC0Hkt++ZgrWT0sJBKMnXuxe1En3jrn23nWLXK5YqT4Yba tMlw==
X-Gm-Message-State: APjAAAVPP7FMCq2OcQ+muD0g40FkQWrYvssssa71WI6UxPxosASiLYJv 6bSwZtuIAJXyK0oXCsJNCB84/gcToSXWRByafgGxXqyw
X-Google-Smtp-Source: APXvYqwC8pBobq5CiOcb5lc4K5esyeam2UBpD63oui9VCwrYddfhOAEn0wdbgdkJ+eLh/iceU48Mrj3zt3zqmyt/C5U=
X-Received: by 2002:a92:4915:: with SMTP id w21mr1099504ila.121.1569977727935; Tue, 01 Oct 2019 17:55:27 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com> <CABcZeBNL0AYJF6J5Dn8LYYfK+Gv39_LPknSNtrMgRcp_tgayZQ@mail.gmail.com> <CACdeXiJFSo0-oK60ONnVfXFN66nO5f292m65znD9MW4DKRJJfg@mail.gmail.com>
In-Reply-To: <CACdeXiJFSo0-oK60ONnVfXFN66nO5f292m65znD9MW4DKRJJfg@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 01 Oct 2019 17:55:05 -0700
Message-ID: <CA+9kkMCUbxWAbAfuDM4jLCC=NQu0k6-RiJYAk4v8Y_Q26y6a3Q@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Nick Harper <nharper@google.com>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c76cd80593e2ec8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Wt6A4RgTrWPpVI98JjPkx2zkyqY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 00:55:32 -0000

Hi Nick,

On Tue, Oct 1, 2019 at 4:41 PM Nick Harper <nharper@google.com> wrote:

> I think it loses most of its utility if it's not a v1 feature. The
> main motivation for the feature is to simplify application protocols.
> At the time that v2 is introduced and application protocols are being
> specified to use it, existing application protocols will already have
> an application-specific way to negotiate params, so they will continue
> to use that instead of using both the existing application-specific
> mechanism (for v1) and v2-only application parameters feature (for
> v2+). (I'm assuming that as applications switch from using QUIC v1 to
> QUIC v2, it will be like upgrading H2 from TLS 1.2 to TLS 1.3, instead
> of like upgrading H2 to H3.)
>
> There is no doubt there is a tension here, but if you look at our original
milestones (https://datatracker.ietf.org/wg/quic/history/) we are more than
somewhat late.  Having just sent one "Late, great WG name" message, I'm
probably a bit more sensitive to this than most, but I strongly believe
that getting QUIC v1 out there and getting field experience now is the best
choice for the moment.    This is a major design issue, and it is coming
late when we are trying to raise the bar on change.

If we didn't have a workable solution at all, this would be something that
was clearly needed.  But the current approach does work and has understood
privacy properties. As I said, other applications may need substantially
different things than H2 and getting something of sufficient generality
will take time.  The other option, specifying so its suits only H2 well is
the other side of the risk you have above, and I believe it is a serious
risk.

Architectural purity is on your side, so I don't think you're wrong to want
this.  But I think it may be a want, not a need, at this point.  And that
is why my answer sides with Roberto.

Just my personal opinion,

Ted


> On Tue, Oct 1, 2019 at 1:51 PM Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > Does this need to be a 1.0 feature?
> >
> > On Fri, Sep 27, 2019 at 12:13 PM Ted Hardie <ted.ietf@gmail.com> wrote:
> >>
> >> Hi Nick,
> >>
> >> Two points in addition to the privacy issue already raised make me
> concur with Roberto that this should be v2 or later.  The first is this:
> >>
> >> "Negotiating or advertising features is something multiple
> applicationswill need to do and is not a feature specific to H3."
> >>
> >> Absolutely true, but there is also a fairly large variability in how
> applications do this.  If we design something now that works for H3, it may
> very well be sub-optimal or useless for later application targets.  Getting
> something general enough to handle DNS, WEBRTC,  SMTP, plus the various
> flavors of IoT protocols I've heard as targets hoping to move to QUIC is
> going to take time and care, and it will block completion of v1.
> >>
> >> The second is this:
> >>
> >> *The other downside is that if too much data is put in application
> parameters, it could cause the number of packets for a client or server’s
> flight to go from N to N+1, which would increase the chance of head of line
> blocking.
> >>
> >> Depending on what counts as application parameters, this could be more
> than N+1.  Someone running NETCONF over QUIC, for example, would be using a
> fairly verbose syntax in which each parameter is a full URN.
> >>
> >> regards,
> >>
> >> Ted Hardie
> >>
> >>
> >> On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper=
> 40google.com@dmarc.ietf.org> wrote:
> >>>
> >>> I propose introducing application parameters to the QUIC handshake and
> >>> using this new mechanism for H3 SETTINGS instead of sending them as
> >>> the first thing in the control stream. Application parameters would
> >>> allow applications using QUIC to advertise or negotiate
> >>> application-specific parameters during the cryptographic and transport
> >>> handshake. It would guarantee that the client and server have
> >>> exchanged their application parameters once the handshake is complete.
> >>>
> >>> Specifically, I’m proposing a new “application_layer_parameters”
> >>> transport parameter, which when sent by the client is a series of ALPN
> >>> identifiers with an opaque blob of application parameters per
> >>> identifier, and when sent by the server is a single opaque blob of
> >>> application parameters for the application identified in the ALPN
> >>> extension.
> >>>
> >>> Negotiating or advertising features is something multiple applications
> >>> will need to do and is not a feature specific to H3. Whatever we do in
> >>> H3 will likely be copied by other applications using QUIC. By
> >>> providing a general mechanism in QUIC transport, we provide
> >>> applications with a consistent way of achieving this goal. QUIC has a
> >>> design pattern of collapsing multiple layers into one to save on round
> >>> trips (e.g. combining crypto and transport handshake); this fits in
> >>> with that pattern.
> >>>
> >>> Using application parameters for H3 SETTINGS clears up some issues. H3
> >>> doesn’t need to specify that an endpoint shouldn’t wait for its peer’s
> >>> SETTINGS since they’ve already arrived. Likewise, there is no
> >>> confusion about whether SETTINGS arriving after session tickets are
> >>> bound to the session tickets; SETTINGS arrives before the tickets and
> >>> the client doesn’t need to wait for the receipt of SETTINGS to bind
> >>> them to the ticket. It also simplifies the server binding SETTINGS to
> >>> the ticket since that is done as part of binding transport parameters
> >>> to the ticket.
> >>>
> >>> This also provides opportunities for future features. Since the
> >>> exchange of SETTINGS occurs before application data, a new feature
> >>> doesn’t need to be specified in a way to provide an upgrade path from
> >>> “vanilla” H3 to something including this feature, and instead be
> >>> guaranteed that the new feature can be used for the entire connection.
> >>>
> >>> Without application parameters, each application that needs to
> >>> advertise or negotiate application settings needs its own mechanism to
> >>> do so. This would result in multiple transport parameters or
> >>> extensions leading to duplication of work and layering violations.
> >>> Applications could instead exchange these settings in application
> >>> data, meaning that each application needs to define the semantics of
> >>> application data received before and after the settings have been
> >>> exchanged, as H3 currently does.
> >>>
> >>> There is already a demonstrated need for an application parameters
> >>> mechanism in the QUIC handshake. One example is
> >>> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 which is
> >>> currently using a “web_accepted_origins” transport parameter but could
> >>> easily use an application parameters mechanism instead.
> >>>
> >>> I see two downsides to this proposal. The first is that the client’s
> >>> application parameters are sent in the clear. Application designers
> >>> will need to make a decision of how much they want to use this
> >>> functionality (they could limit what is sent by the client or only use
> >>> application parameters in the server direction). For H3, there are
> >>> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY, QPACK_BLOCKED_STREAMS,
> >>> and MAX_HEADER_LIST_SIZE, which do not reveal any information about
> >>> the user or the server they are connecting to and are likely constant
> >>> per H3 implementation.
> >>>
> >>> The other downside is that if too much data is put in application
> >>> parameters, it could cause the number of packets for a client or
> >>> server’s flight to go from N to N+1, which would increase the chance
> >>> of head of line blocking.
> >>>
> >>> Related issues:
> >>> https://github.com/quicwg/base-drafts/issues/2790: Binding settings
> >>> into session tickets
> >>> https://github.com/quicwg/base-drafts/issues/2945: When to send the
> >>> SETTINGS frame
> >>> https://github.com/quicwg/base-drafts/issues/2783: Consider making
> >>> SETTINGS part of the control stream header
> >>> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS into
> >>> TLS Handshake
> >>>
>

v2.23.0 | Report a Bug | By Email