Re: Version negotiation: the bare minimum?
David Schinazi <dschinazi.ietf@gmail.com> Tue, 13 April 2021 17:51 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73FFF3A20C7 for <quic@ietfa.amsl.com>; Tue, 13 Apr 2021 10:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRVE5UZfIjje for <quic@ietfa.amsl.com>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB5673A20C4 for <quic@ietf.org>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id a12so11910137pfc.7 for <quic@ietf.org>; Tue, 13 Apr 2021 10:51:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WARo2VMRRRP5j3hPTWyYAX0tAscSCNIBmkrpxNqvCsg=; b=qBLv4sSb74ud8nABKcNAp+9Ah1aMVyxOLXwFRO3FzXDNL3rZ0/GwN5RUckOteCFiGj Ai+Lyh4NzU7F3MFgK+XvU2Nm/Rw2WBDmIIyV5+u6QqfGFNF82kCJ6WVLumsExSuvzImw 1ekx1d6SgNPQyj6sPUKQagBmpsLbr96MYAhZo6r+J8dwifC1Rw67w0sw3L1aS+wREDn9 53qLZbpbiic19CCdLmB+utROFSSj5lgOxsfIXcgGrT2URea6KBWUq0/W3KtOlzKnpX2Y 70FNC2oEzG0n+7XgWlMq9EuG5vJ4iX76bZQcARq5kydJ2Svz2CN6SvqxziLmfokEQzES d0tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WARo2VMRRRP5j3hPTWyYAX0tAscSCNIBmkrpxNqvCsg=; b=tIAvCaKWWKDyaOPF3gmSgIQCF+JGSuUfeobVjE+NKUFbLO0rkNEfDFWxWQZW9cBqej wcQE7gdrKrJQmbG8Vws2d42+LAOR2KeWr/xSF1YAZ5Zan4DdylLK9K1pHBCfk3b8Qqq1 5J2YcgavjgLSGadkL0Vh0207RCKnfaqz1pbImPnxg9jY2Qj4oO4H9h1wT8LfDzY1h34M oF4ISkcs+vhn1zvI0IcuF3qT+nlXmmVO2bpwBV9z8o+6Je9NgA9nCRoZNFnYKGLC1LLy u31YthnCmakyY3dw3n8l0vy3VTkFXSbGHjXTaS6FplCutPuHhmccplE0T9cXdwxcDqDI rgqA==
X-Gm-Message-State: AOAM533yHxCRVQTOvBrggcXUWbk7AkyNIOp5hXKo9Se3s1/pX+XhGOPb U5L3aUUUD+gDKWwSKVyTRJc3mFTgbXoSwKMrhfc=
X-Google-Smtp-Source: ABdhPJwcE10QeSAKwMTFPNaUt39/tyYcMxthN5xoxAfgFqWC9zp7W6RoI8JYSm4ittZGhy6TU2X66Li7u9JfFs6+K00=
X-Received: by 2002:a62:528e:0:b029:1f5:c5ee:a487 with SMTP id g136-20020a62528e0000b02901f5c5eea487mr30090211pfb.7.1618336298691; Tue, 13 Apr 2021 10:51:38 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cm-vWCZEeA+kh-BUF0M0ZhM_ev6R-9DYZgWQCA-byHofQ@mail.gmail.com> <CAPDSy+4QLJnE8njgsP33GQLnwtNH1v6ACbWTfOXhe00jXdwCbw@mail.gmail.com> <6322e767-433c-7181-08ae-897c6625f3f2@huitema.net> <CAPDSy+6dH9iVeRxQeAkNqCQKLSP510L3Nm+ZwRYsmQKGaMVNGg@mail.gmail.com> <CALGR9oZ+nL7PgUYwbeRS25HbHQfEAdtVuMySPZnf3f8J=pyC0A@mail.gmail.com> <CACsn0c=MTyb3SWBN9-k-ZfiB3YE=WCYSRB7sPEw=4LJ9STPaTw@mail.gmail.com> <fbcc7edf-cbd1-be18-bf95-8dcfdbc2fab2@huitema.net>
In-Reply-To: <fbcc7edf-cbd1-be18-bf95-8dcfdbc2fab2@huitema.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 13 Apr 2021 10:51:27 -0700
Message-ID: <CAPDSy+5V4Q4ahwwcZZaL8niVQ7GnAfnmum0TfZVSwgbTck9C3A@mail.gmail.com>
Subject: Re: Version negotiation: the bare minimum?
To: Christian Huitema <huitema@huitema.net>
Cc: Watson Ladd <watsonbladd@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000035ee3405bfde4828"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_KkGkOgIPA3Qf4aSV59yUEBfgsU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2021 17:51:44 -0000
Hi Watson and Christian, Glad to hear you'll be there! Would you also be able to prepare a proposal? It sounds like you've put some thought into this and it would be great to have something concrete to discuss. Thanks, David On Tue, Apr 13, 2021 at 12:06 AM Christian Huitema <huitema@huitema.net> wrote: > > On 4/12/2021 10:11 PM, Watson Ladd wrote: > > On Mon, Apr 12, 2021 at 12:44 PM Lucas Pardue > > <lucaspardue.24.7@gmail.com> wrote: > >> Hi Watson and Christian, > >> > >> Thanks for your input on the topic of QUIC Version Negotiation. The > thread has fizzled out a bit. The QUIC Version Negotiation interim meeting > is next week (Wednesday April 20, 21:00 UTC), it would be great if you > could add some further concrete ideas to the discussion. In particular, if > you're describing an alternative to what the VN draft has today, there is > value in us hearing it out because it might help the QUIC WG make progress > in this area. > > I would be happy to attend. > > I will try to attend too. If I can find the invite and link... > > > > > >> Kind regards > >> Lucas > >> QUIC WG Co-chair > >> > >> On Wed, Mar 17, 2021 at 12:42 AM David Schinazi < > dschinazi.ietf@gmail.com> wrote: > >>> Hi Christian, > >>> > >>> It seems to me that you're describing what's in the VN draft today. > >>> What am I missing? > >>> > >>> David > >>> > >>> On Mon, Mar 15, 2021 at 9:11 PM Christian Huitema <huitema@huitema.net> > wrote: > >>>> I have been considering pretty much the same design as Watson. In the > >>>> slide deck that you presented, this would be the "compatible" option. > >>>> The client would select version X in the QUIC header of the Initial > >>>> packet, and format one or several TP stating: > >>>> > >>>> 1) Version in the QUIC header: X > >>>> > >>>> 2) Supported compatible versions: Y, Z, T, and maybe Grease. These > must > >>>> be "compatible" versions. > >>>> > >>>> The server will: > >>>> > >>>> 1) verify that the version in the QUIC header is indeed X. If it is > not, > >>>> close the connection with an error. > >>>> > >>>> 2) pick one of X, Y, Z or T as the selected version, say Y. > >>>> (Questionable whether the version in the QUIC header should be set to > X > >>>> or Y.) > >>>> > >>>> 3) Set the TP stating something like "you proposed X and I selected Y" > >>>> > >>>> 4) Very optionally, mention in a TP that "this server also supports > >>>> versions V, W." These might be "incompatible" versions. > >>>> > >>>> If none of X, Y, Z, T are supported, the server replies with a VN. > >>>> > >>>> On receiving the server TP, the client verifies that the server saw > the > >>>> intended version X, and chose one of the supported version. The client > >>>> might remember additional version V and W for next time, but that's > >>>> extra complexity. > >>>> > >>>> -- Christian Huitema > >>>> > >>>> On 3/15/2021 5:18 PM, David Schinazi wrote: > >>>>> Hi Watson, > >>>>> > >>>>> Could you elaborate on your proposal? In particular: > >>>>> How does the client transmit its supported versions? > >>>>> What does "compatible" mean? > >>>>> What does "the server selects" mean? > >>>>> What does "the server proceeds" mean? > >>>>> > >>>>> Thanks, > >>>>> David > >>>>> > >>>>> On Wed, Mar 10, 2021 at 1:55 PM Watson Ladd <watsonbladd@gmail.com> > wrote: > >>>>> > >>>>>> Dear WG, > >>>>>> > >>>>>> I'd like to proffer the world's simplest version negotiation scheme, > >>>>>> based on comments heard during the meeting today from a number of > >>>>>> people. > >>>>>> > >>>>>> The following weak assumptions are made: the client has a set of > >>>>>> versions. The server has a partial ordering on versions: this means > >>>>>> that versions are not necessarily preferred over each other > (consider > >>>>>> experiments where we will do what the client offers first), but the > >>>>>> relation is transitive. Then the server selection is a function of > the > >>>>>> client offered version and supported set. > >>>>>> > >>>>>> The client transmits its supported versions and a proffered hello > >>>>>> version in the first packet. The server selects. If that selection > is > >>>>>> incompatible they try again with the new selected version > transmitted > >>>>>> in VN. If it is compatible, the server selects and proceeds. > >>>>>> > >>>>>> The constraint on the handshake is that the supported versions and > >>>>>> offered version and server selection are incorporated on the > handshake > >>>>>> in such a way that a mismatch triggers failure, and no two different > >>>>>> versions can derive the same keys. If we assume that e.g. SHA256 is > >>>>>> unbroken this is easy to get. > >>>>>> > >>>>>> This only permits a downgrade to a version the server was willing to > >>>>>> prefer. > >>>>>> > >>>>>> Sincerely, > >>>>>> Watson Ladd > >>>>>> > >>>>>> > > >
- Version negotiation: the bare minimum? Watson Ladd
- Re: Version negotiation: the bare minimum? David Schinazi
- Re: Version negotiation: the bare minimum? Christian Huitema
- Re: Version negotiation: the bare minimum? David Schinazi
- Re: Version negotiation: the bare minimum? Lucas Pardue
- Re: Version negotiation: the bare minimum? Watson Ladd
- Re: Version negotiation: the bare minimum? Christian Huitema
- Re: Version negotiation: the bare minimum? David Schinazi
- Do we need compatible version negotiation at all?… Kazuho Oku
- Re: Do we need compatible version negotiation at … David Schinazi
- Re: Do we need compatible version negotiation at … Christian Huitema
- Re: Do we need compatible version negotiation at … David Schinazi
- Re: Do we need compatible version negotiation at … Kazuho Oku