Re: Hidden connection spawning

Mikkel Fahnøe Jørgensen <> Fri, 27 July 2018 07:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 13FD6130E21 for <>; Fri, 27 Jul 2018 00:07:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mPdO6GyKsD7m for <>; Fri, 27 Jul 2018 00:07:52 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CC503130E3B for <>; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
Received: by with SMTP id w16-v6so6302672ita.0 for <>; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=MEwfKybPItA/JCSR7BsImS9J5jZoyT6eK4iWCuTOwnY=; b=hsP10AcE67uR6c5xe13thPqMTCHrSUB5kBNhaQ8Mj09G2C7DEvSWB8GflaOvg1nQuy U1pC1wPglG6s5LI+LNirkbvd+skka+2nrsQkPLOO5Lg4nlyxe4py8IngFMCoVSUNbWwH zHULQQAVZZj5GOqXCOA+coVHUkp7pBfGku/1OM1KqPFSFfx9i2D5SHHGXxI3BGWI39e0 HDfByl6JuIBy1hf6G6kH9wRqNyPZm01cWkz1SbTsFanx6YeOaKD5IZUWMCE8omq3HsXo 63tj1y8E61iefR+H9pt2XCrB2klStKKHtppBe+UmTfrRwgba/aD7xiOwBiMNWLiRxPfQ 1vTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=MEwfKybPItA/JCSR7BsImS9J5jZoyT6eK4iWCuTOwnY=; b=WEhrbjSF2M4JIlgXv9rGopdmIifluO77kpaO3ZVy/ocRsU5GwhzfEQl3giXqxRKhqN HC0cqYY6UoR0iKPPkTUNYVhB7S59k60GcNJA/WrX2P5BYNmNKp5TM61idfIGn+0vZsk7 9P32h/0cf35ujtxgZXciKaAUC98PHGaVKpcKtB1SxYW3JEK4nqkQ1IJvL2iGDIqDxfnL cZH4qTh+xTCLV2/b1WSkdgY+D0A6mnkqJ366ORsi0hTi4quRyHgGWgJTt8jv7emUp4DJ g/AYeCLVZfvJ7aNeQMf5t/jBc85Dh7/OvR0Ng9UU0Rw0gWSeDRgFGMJ0itN6FKOK4rW+ HMCw==
X-Gm-Message-State: AOUpUlEaCe/wXRYcB9zLH+FlCbOgtLHO8XXCDjSvd7dRe1ZQw63JseAa eqeF7rzj5YV0j1Wo40/UZQvC4ruyzfB3PeY9gfc=
X-Google-Smtp-Source: AAOMgpdFmYV/X6Kc9m+ucuG6rBv11HeThUmraHX5nVMd2bDkpoUxBTdrAuBYOBBs0n2l81JvDJOl4UO+LergofklhOQ=
X-Received: by 2002:a02:8c75:: with SMTP id j50-v6mr5032517jal.76.1532675271280; Fri, 27 Jul 2018 00:07:51 -0700 (PDT)
Received: from 1058052472880 named unknown by with HTTPREST; Fri, 27 Jul 2018 00:07:50 -0700
From: Mikkel Fahnøe Jørgensen <>
In-Reply-To: <>
References: <> <>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Fri, 27 Jul 2018 00:07:50 -0700
Message-ID: <>
Subject: Re: Hidden connection spawning
To: Kazuho Oku <>
Cc: Chris Wood <>,, IETF QUIC WG <>,
Content-Type: multipart/alternative; boundary="00000000000019ccfb0571f5c5ee"
Archived-At: <>
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 27 Jul 2018 07:07:54 -0000

When you say you prefer option 2 (0-RTT), do you mean to not hide the
handshake, or do you mean the until now unlisted option 4:

4. carry out a full 0-RTT handshake over a separate secure channel (QUIC or

Option 4 may skip the QUIC encryption layer if the outer layer is equally
strong (this is a can of worms).

Correction: in my earlier mail I wrote “not complex” in relation to option
1, the “not” should not have been there.

On 27 July 2018 at 02.31.03, Kazuho Oku ( wrote:

2018-07-26 15:31 GMT+09:00 Mikkel Fahnøe Jørgensen <>:
> I came to think about a use case where you want to spawn a new connection
> from an existing connection because the new connection runs a different
> protocol. For example a http connection where you want to run a separate
> live conference call, or to control tunnels from http control connection.
> You have roughly three options:
> 1. extend the current protocol with the new feature set in extension
> or similar
> 2. develop or use a purposes specific QUIC protol using 0-RTT for
> the connection
> 3. negotiate the new connection handshake within the current handshake.
> The first solution is not complex, limited, and not modular.
> The second solution can be used to get information about the connection,
> for example block connections that appear to be doing that.
> The third solution allows for an invisible connection spawn, but requires
> addition handshake logic which is already complex as it is.

I prefer the second approach, since it allows spawning connections in
0-RTT across different transports.

For example, I think that it would be nice to have a way to spawn a
0-RTT HQ connection from a HTTP/2 connection (via alt-svc).

Note also that there is an individual draft submitted to TLSWG that
discusses of adding a way for a TLS server to issue session tickets
that could be context-specific: see

> I suggesting solution 3 as possible option, although I am not convinced
> this is worthwhile, at least in V1.
> This was in part inspired by recent discussion on tunneling, and in part
> the following issue where partial reliability is being discussed and
> possibly shoe-horned into an extension. I am not following that issue
> closely though - it is just an example.
> Mikkel

Kazuho Oku