IETF Logo Mail Archive

Re: Version negotiation: the bare minimum?

David Schinazi <dschinazi.ietf@gmail.com> Tue, 13 April 2021 17:51 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73FFF3A20C7 for <quic@ietfa.amsl.com>; Tue, 13 Apr 2021 10:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRVE5UZfIjje for <quic@ietfa.amsl.com>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB5673A20C4 for <quic@ietf.org>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id a12so11910137pfc.7 for <quic@ietf.org>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WARo2VMRRRP5j3hPTWyYAX0tAscSCNIBmkrpxNqvCsg=; b=qBLv4sSb74ud8nABKcNAp+9Ah1aMVyxOLXwFRO3FzXDNL3rZ0/GwN5RUckOteCFiGj Ai+Lyh4NzU7F3MFgK+XvU2Nm/Rw2WBDmIIyV5+u6QqfGFNF82kCJ6WVLumsExSuvzImw 1ekx1d6SgNPQyj6sPUKQagBmpsLbr96MYAhZo6r+J8dwifC1Rw67w0sw3L1aS+wREDn9 53qLZbpbiic19CCdLmB+utROFSSj5lgOxsfIXcgGrT2URea6KBWUq0/W3KtOlzKnpX2Y 70FNC2oEzG0n+7XgWlMq9EuG5vJ4iX76bZQcARq5kydJ2Svz2CN6SvqxziLmfokEQzES d0tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WARo2VMRRRP5j3hPTWyYAX0tAscSCNIBmkrpxNqvCsg=; b=tIAvCaKWWKDyaOPF3gmSgIQCF+JGSuUfeobVjE+NKUFbLO0rkNEfDFWxWQZW9cBqej wcQE7gdrKrJQmbG8Vws2d42+LAOR2KeWr/xSF1YAZ5Zan4DdylLK9K1pHBCfk3b8Qqq1 5J2YcgavjgLSGadkL0Vh0207RCKnfaqz1pbImPnxg9jY2Qj4oO4H9h1wT8LfDzY1h34M oF4ISkcs+vhn1zvI0IcuF3qT+nlXmmVO2bpwBV9z8o+6Je9NgA9nCRoZNFnYKGLC1LLy u31YthnCmakyY3dw3n8l0vy3VTkFXSbGHjXTaS6FplCutPuHhmccplE0T9cXdwxcDqDI rgqA==
X-Gm-Message-State: AOAM533yHxCRVQTOvBrggcXUWbk7AkyNIOp5hXKo9Se3s1/pX+XhGOPb U5L3aUUUD+gDKWwSKVyTRJc3mFTgbXoSwKMrhfc=
X-Google-Smtp-Source: ABdhPJwcE10QeSAKwMTFPNaUt39/tyYcMxthN5xoxAfgFqWC9zp7W6RoI8JYSm4ittZGhy6TU2X66Li7u9JfFs6+K00=
X-Received: by 2002:a62:528e:0:b029:1f5:c5ee:a487 with SMTP id g136-20020a62528e0000b02901f5c5eea487mr30090211pfb.7.1618336298691; Tue, 13 Apr 2021 10:51:38 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cm-vWCZEeA+kh-BUF0M0ZhM_ev6R-9DYZgWQCA-byHofQ@mail.gmail.com> <CAPDSy+4QLJnE8njgsP33GQLnwtNH1v6ACbWTfOXhe00jXdwCbw@mail.gmail.com> <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net> <CAPDSy+6dH9iVeRxQeAkNqCQKLSP510L3Nm+ZwRYsmQKGaMVNGg@mail.gmail.com> <CALGR9oZ+nL7PgUYwbeRS25HbHQfEAdtVuMySPZnf3f8J=pyC0A@mail.gmail.com> <CACsn0c=MTyb3SWBN9-k-ZfiB3YE=WCYSRB7sPEw=4LJ9STPaTw@mail.gmail.com> <fbcc7edf-cbd1-be18-bf95-8dcfdbc2fab2@huitema.net>
In-Reply-To: <fbcc7edf-cbd1-be18-bf95-8dcfdbc2fab2@huitema.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 13 Apr 2021 10:51:27 -0700
Message-ID: <CAPDSy+5V4Q4ahwwcZZaL8niVQ7GnAfnmum0TfZVSwgbTck9C3A@mail.gmail.com>
Subject: Re: Version negotiation: the bare minimum?
To: Christian Huitema <huitema@huitema.net>
Cc: Watson Ladd <watsonbladd@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000035ee3405bfde4828"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_KkGkOgIPA3Qf4aSV59yUEBfgsU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2021 17:51:44 -0000

Hi Watson and Christian,

Glad to hear you'll be there! Would you also be able to prepare a proposal?
It sounds like you've put some thought into this and it would be great to
have something concrete to discuss.

Thanks,
David

On Tue, Apr 13, 2021 at 12:06 AM Christian Huitema <huitema@huitema.net>
wrote:

>
> On 4/12/2021 10:11 PM, Watson Ladd wrote:
> > On Mon, Apr 12, 2021 at 12:44 PM Lucas Pardue
> > <lucaspardue.24.7@gmail.com> wrote:
> >> Hi Watson and Christian,
> >>
> >> Thanks for your input on the topic of QUIC Version Negotiation. The
> thread has fizzled out a bit. The QUIC Version Negotiation interim meeting
> is next week (Wednesday April 20, 21:00 UTC), it would be great if you
> could add some further concrete ideas to the discussion. In particular, if
> you're describing an alternative to what the VN draft has today, there is
> value in us hearing it out because it might help the QUIC WG make progress
> in this area.
> > I would be happy to attend.
>
> I will try to attend too. If I can find the invite and link...
>
>
> >
> >> Kind regards
> >> Lucas
> >> QUIC WG Co-chair
> >>
> >> On Wed, Mar 17, 2021 at 12:42 AM David Schinazi <
> dschinazi.ietf@gmail.com> wrote:
> >>> Hi Christian,
> >>>
> >>> It seems to me that you're describing what's in the VN draft today.
> >>> What am I missing?
> >>>
> >>> David
> >>>
> >>> On Mon, Mar 15, 2021 at 9:11 PM Christian Huitema <huitema@huitema.net>
> wrote:
> >>>> I have been considering pretty much the same design as Watson. In the
> >>>> slide deck that you presented, this would be the "compatible" option.
> >>>> The client would select  version X in the QUIC header of the Initial
> >>>> packet, and format one or several TP stating:
> >>>>
> >>>> 1) Version in the QUIC header: X
> >>>>
> >>>> 2) Supported compatible versions: Y, Z, T, and maybe Grease. These
> must
> >>>> be "compatible" versions.
> >>>>
> >>>> The server will:
> >>>>
> >>>> 1) verify that the version in the QUIC header is indeed X. If it is
> not,
> >>>> close the connection with an error.
> >>>>
> >>>> 2) pick one of X, Y, Z or T as the selected version, say Y.
> >>>> (Questionable whether the version in the QUIC header should be set to
> X
> >>>> or Y.)
> >>>>
> >>>> 3) Set the TP stating something like "you proposed X and I selected Y"
> >>>>
> >>>> 4) Very optionally, mention in a TP that "this server also supports
> >>>> versions V, W." These might be "incompatible" versions.
> >>>>
> >>>> If none of X, Y, Z, T are supported, the server replies with a VN.
> >>>>
> >>>> On receiving the server TP, the client verifies that the server saw
> the
> >>>> intended version X, and chose one of the supported version. The client
> >>>> might remember additional version V and W for next time, but that's
> >>>> extra complexity.
> >>>>
> >>>> -- Christian Huitema
> >>>>
> >>>> On 3/15/2021 5:18 PM, David Schinazi wrote:
> >>>>> Hi Watson,
> >>>>>
> >>>>> Could you elaborate on your proposal? In particular:
> >>>>> How does the client transmit its supported versions?
> >>>>> What does "compatible" mean?
> >>>>> What does "the server selects" mean?
> >>>>> What does "the server proceeds" mean?
> >>>>>
> >>>>> Thanks,
> >>>>> David
> >>>>>
> >>>>> On Wed, Mar 10, 2021 at 1:55 PM Watson Ladd <watsonbladd@gmail.com>
> wrote:
> >>>>>
> >>>>>> Dear WG,
> >>>>>>
> >>>>>> I'd like to proffer the world's simplest version negotiation scheme,
> >>>>>> based on comments heard during the meeting today from a number of
> >>>>>> people.
> >>>>>>
> >>>>>> The following weak assumptions are made: the client has a set of
> >>>>>> versions. The server has a partial ordering on versions: this means
> >>>>>> that versions are not necessarily preferred over each other
> (consider
> >>>>>> experiments where we will do what the client offers first), but the
> >>>>>> relation is transitive. Then the server selection is a function of
> the
> >>>>>> client offered version and supported set.
> >>>>>>
> >>>>>> The client transmits its supported versions and a proffered hello
> >>>>>> version in the first packet. The server selects. If that selection
> is
> >>>>>> incompatible they try again with the new selected version
> transmitted
> >>>>>> in VN. If it is compatible, the server selects and proceeds.
> >>>>>>
> >>>>>> The constraint on the handshake is that the supported versions and
> >>>>>> offered version and server selection are incorporated on the
> handshake
> >>>>>> in such a way that a mismatch triggers failure, and no two different
> >>>>>> versions can derive the same keys. If we assume that e.g. SHA256 is
> >>>>>> unbroken this is easy to get.
> >>>>>>
> >>>>>> This only permits a downgrade to a version the server was willing to
> >>>>>> prefer.
> >>>>>>
> >>>>>> Sincerely,
> >>>>>> Watson Ladd
> >>>>>>
> >>>>>>
> >
>

v2.23.0 | Report a Bug | By Email