Re: Hidden connection spawning

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Fri, 27 July 2018 07:07 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13FD6130E21 for <quic@ietfa.amsl.com>; Fri, 27 Jul 2018 00:07:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPdO6GyKsD7m for <quic@ietfa.amsl.com>; Fri, 27 Jul 2018 00:07:52 -0700 (PDT)
Received: from mail-it0-x235.google.com (mail-it0-x235.google.com [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC503130E3B for <quic@ietf.org>; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
Received: by mail-it0-x235.google.com with SMTP id w16-v6so6302672ita.0 for <quic@ietf.org>; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=MEwfKybPItA/JCSR7BsImS9J5jZoyT6eK4iWCuTOwnY=; b=hsP10AcE67uR6c5xe13thPqMTCHrSUB5kBNhaQ8Mj09G2C7DEvSWB8GflaOvg1nQuy U1pC1wPglG6s5LI+LNirkbvd+skka+2nrsQkPLOO5Lg4nlyxe4py8IngFMCoVSUNbWwH zHULQQAVZZj5GOqXCOA+coVHUkp7pBfGku/1OM1KqPFSFfx9i2D5SHHGXxI3BGWI39e0 HDfByl6JuIBy1hf6G6kH9wRqNyPZm01cWkz1SbTsFanx6YeOaKD5IZUWMCE8omq3HsXo 63tj1y8E61iefR+H9pt2XCrB2klStKKHtppBe+UmTfrRwgba/aD7xiOwBiMNWLiRxPfQ 1vTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=MEwfKybPItA/JCSR7BsImS9J5jZoyT6eK4iWCuTOwnY=; b=WEhrbjSF2M4JIlgXv9rGopdmIifluO77kpaO3ZVy/ocRsU5GwhzfEQl3giXqxRKhqN HC0cqYY6UoR0iKPPkTUNYVhB7S59k60GcNJA/WrX2P5BYNmNKp5TM61idfIGn+0vZsk7 9P32h/0cf35ujtxgZXciKaAUC98PHGaVKpcKtB1SxYW3JEK4nqkQ1IJvL2iGDIqDxfnL cZH4qTh+xTCLV2/b1WSkdgY+D0A6mnkqJ366ORsi0hTi4quRyHgGWgJTt8jv7emUp4DJ g/AYeCLVZfvJ7aNeQMf5t/jBc85Dh7/OvR0Ng9UU0Rw0gWSeDRgFGMJ0itN6FKOK4rW+ HMCw==
X-Gm-Message-State: AOUpUlEaCe/wXRYcB9zLH+FlCbOgtLHO8XXCDjSvd7dRe1ZQw63JseAa eqeF7rzj5YV0j1Wo40/UZQvC4ruyzfB3PeY9gfc=
X-Google-Smtp-Source: AAOMgpdFmYV/X6Kc9m+ucuG6rBv11HeThUmraHX5nVMd2bDkpoUxBTdrAuBYOBBs0n2l81JvDJOl4UO+LergofklhOQ=
X-Received: by 2002:a02:8c75:: with SMTP id j50-v6mr5032517jal.76.1532675271280; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 27 Jul 2018 00:07:50 -0700
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <CANatvzztD6M45Qx6v_BzAXeXkOXmpUGBD5-4st9pB+UPf753GA@mail.gmail.com>
References: <CAN1APdfRmLp9R8+3e+kfHusSppnrtyHNFC1mNt9Vt+5kiDf9rw@mail.gmail.com> <CANatvzztD6M45Qx6v_BzAXeXkOXmpUGBD5-4st9pB+UPf753GA@mail.gmail.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Fri, 27 Jul 2018 00:07:50 -0700
Message-ID: <CAN1APdd0Zv2bRwvt4sowg4XpZv_uid+7CGeiduOTicLW-gSVqg@mail.gmail.com>
Subject: Re: Hidden connection spawning
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Chris Wood <cawood@apple.com>, tpauly@apple.com, IETF QUIC WG <quic@ietf.org>, dschinazi@apple.com
Content-Type: multipart/alternative; boundary="00000000000019ccfb0571f5c5ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/aA5n83hNLRvgAj2CNEBcgG-Wsqo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 07:07:54 -0000

When you say you prefer option 2 (0-RTT), do you mean to not hide the
handshake, or do you mean the until now unlisted option 4:

4. carry out a full 0-RTT handshake over a separate secure channel (QUIC or
otherwise)

Option 4 may skip the QUIC encryption layer if the outer layer is equally
strong (this is a can of worms).


Correction: in my earlier mail I wrote “not complex” in relation to option
1, the “not” should not have been there.

On 27 July 2018 at 02.31.03, Kazuho Oku (kazuhooku@gmail.com) wrote:

2018-07-26 15:31 GMT+09:00 Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>:
> I came to think about a use case where you want to spawn a new connection
> from an existing connection because the new connection runs a different
> protocol. For example a http connection where you want to run a separate
> live conference call, or to control tunnels from http control connection.
>
> You have roughly three options:
>
> 1. extend the current protocol with the new feature set in extension
frames
> or similar
> 2. develop or use a purposes specific QUIC protol using 0-RTT for
spawning
> the connection
> 3. negotiate the new connection handshake within the current handshake.
>
> The first solution is not complex, limited, and not modular.
> The second solution can be used to get information about the connection,
and
> for example block connections that appear to be doing that.
> The third solution allows for an invisible connection spawn, but requires
> addition handshake logic which is already complex as it is.

I prefer the second approach, since it allows spawning connections in
0-RTT across different transports.

For example, I think that it would be nice to have a way to spawn a
0-RTT HQ connection from a HTTP/2 connection (via alt-svc).

Note also that there is an individual draft submitted to TLSWG that
discusses of adding a way for a TLS server to issue session tickets
that could be context-specific: see
https://datatracker.ietf.org/doc/draft-wood-tls-ticketrequests/.

>
> I suggesting solution 3 as possible option, although I am not convinced
that
> this is worthwhile, at least in V1.
>
>
> This was in part inspired by recent discussion on tunneling, and in part
by
> the following issue where partial reliability is being discussed and
> possibly shoe-horned into an extension. I am not following that issue
> closely though - it is just an example.
> https://github.com/quicwg/base-drafts/issues/1606#issuecomment-407951495
>
>
> Mikkel



-- 
Kazuho Oku