IETF Logo Mail Archive

Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS

Ted Hardie <ted.ietf@gmail.com> Fri, 27 September 2019 19:13 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0265D1200F9 for <quic@ietfa.amsl.com>; Fri, 27 Sep 2019 12:13:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lpUYJwojesB6 for <quic@ietfa.amsl.com>; Fri, 27 Sep 2019 12:13:13 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DC97120013 for <quic@ietf.org>; Fri, 27 Sep 2019 12:13:13 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id n197so19067575iod.9 for <quic@ietf.org>; Fri, 27 Sep 2019 12:13:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VN+8aIwsO8Glz50jM4Ha/+G5SfsnXLHh22olMGs3Nfc=; b=kuik8k0cTr3EdIoi446efq+BIt4fl3yGQHAMBt7QtKDJhYyyCd5xn/Xl+YXh9tTuDW tYS4cu3lt49PW6Ezzzoa4n38xeGBZl73tF/fFEb2kZbnPnHS0UQfOkHfoxkrXAkD9fJS sMfDuwa0MFSJ2+rydQ2vu3mzyhXdQkE1R9vEhUm+I2KVuM4MIOM/rye9v9WPHwwbBuuU t5KkJDOe89OgBydJI88pavvTuRNz4+qRxD0BNXPdvrGmj+6+tcdDkXDZ6I23C8fWGWPi B8VNN4inVrX03Vz6x/6vU9giBKEZKXvYxQKeyYE65tzkQ/Ew1R2jwSjFUL1iXFvWqPKx eHiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VN+8aIwsO8Glz50jM4Ha/+G5SfsnXLHh22olMGs3Nfc=; b=ES+qpKcwhUUF3SGhYVkmdxKU7y47UtchZwChoXynI2joPWWr0xpWhmkKeUmlgdNRPc V/BRVBBjFLePV0sqVO8A9CkWXTAMfdti1kQZ78+gCLIBZ5fHnN/neEA+tRF5ikxEhNK9 PkFEowEj2eWE6q1cjnKPd6IX11NbWqMEEkrMRwlIOHj3eyGRE4GFZ8OWamq3ypu15c6W PzME/Cj5eLjVSdyp1jlOMjrQmwalOgvRR1Ng7eBsDbTDW2m4ZjdA7uGYSYPnkY5lj8Al uGvRpW7lBFy5B+5UnfQ68Kc8stSOeXuW08Kd+KXWkzhOEcevNzNj+APA39diHuxHJQDu 3eZg==
X-Gm-Message-State: APjAAAUmyiSGlhF7d+hQyZkT0jmk/pXoznfEEEOBibYuP1KL0K226zqy mmW8s+ITi/AZnCBbVc2AeiTy8Tsoif78Ulx8pkY=
X-Google-Smtp-Source: APXvYqzb50CXjtO5ltASbmsmjlPN4+AHxWJxHQ8bNfD+goS8fw0hZ1jpYuo3lwfo9GSBzilOwin6zQVU6Kik+jmwMxE=
X-Received: by 2002:a5e:8a0a:: with SMTP id d10mr9902316iok.121.1569611592030; Fri, 27 Sep 2019 12:13:12 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com>
In-Reply-To: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 27 Sep 2019 12:12:45 -0700
Message-ID: <CA+9kkMCOx-3cBq1_X4acHPjKtWUYSFLiLsu8HuEFOmDKxv7aww@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Nick Harper <nharper=40google.com@dmarc.ietf.org>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000060e32c05938dad2e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/boj6yvYCjjWsa1UJ-578TtGL6RQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 19:13:16 -0000

Hi Nick,

Two points in addition to the privacy issue already raised make me concur
with Roberto that this should be v2 or later.  The first is this:

"Negotiating or advertising features is something multiple applicationswill
need to do and is not a feature specific to H3."

Absolutely true, but there is also a fairly large variability in how
applications do this.  If we design something now that works for H3, it may
very well be sub-optimal or useless for later application targets.  Getting
something general enough to handle DNS, WEBRTC,  SMTP, plus the various
flavors of IoT protocols I've heard as targets hoping to move to QUIC is
going to take time and care, and it will block completion of v1.

The second is this:

*The other downside is that if too much data is put in application
parameters, it could cause the number of packets for a client or server’s
flight to go from N to N+1, which would increase the chance of head of line
blocking.

Depending on what counts as application parameters, this could be more than
N+1.  Someone running NETCONF over QUIC, for example, would be using a
fairly verbose syntax in which each parameter is a full URN.

regards,

Ted Hardie


On Thu, Sep 26, 2019 at 5:52 PM Nick Harper <nharper=
40google.com@dmarc.ietf.org> wrote:

> I propose introducing application parameters to the QUIC handshake and
> using this new mechanism for H3 SETTINGS instead of sending them as
> the first thing in the control stream. Application parameters would
> allow applications using QUIC to advertise or negotiate
> application-specific parameters during the cryptographic and transport
> handshake. It would guarantee that the client and server have
> exchanged their application parameters once the handshake is complete.
>
> Specifically, I’m proposing a new “application_layer_parameters”
> transport parameter, which when sent by the client is a series of ALPN
> identifiers with an opaque blob of application parameters per
> identifier, and when sent by the server is a single opaque blob of
> application parameters for the application identified in the ALPN
> extension.
>
> Negotiating or advertising features is something multiple applications
> will need to do and is not a feature specific to H3. Whatever we do in
> H3 will likely be copied by other applications using QUIC. By
> providing a general mechanism in QUIC transport, we provide
> applications with a consistent way of achieving this goal. QUIC has a
> design pattern of collapsing multiple layers into one to save on round
> trips (e.g. combining crypto and transport handshake); this fits in
> with that pattern.
>
> Using application parameters for H3 SETTINGS clears up some issues. H3
> doesn’t need to specify that an endpoint shouldn’t wait for its peer’s
> SETTINGS since they’ve already arrived. Likewise, there is no
> confusion about whether SETTINGS arriving after session tickets are
> bound to the session tickets; SETTINGS arrives before the tickets and
> the client doesn’t need to wait for the receipt of SETTINGS to bind
> them to the ticket. It also simplifies the server binding SETTINGS to
> the ticket since that is done as part of binding transport parameters
> to the ticket.
>
> This also provides opportunities for future features. Since the
> exchange of SETTINGS occurs before application data, a new feature
> doesn’t need to be specified in a way to provide an upgrade path from
> “vanilla” H3 to something including this feature, and instead be
> guaranteed that the new feature can be used for the entire connection.
>
> Without application parameters, each application that needs to
> advertise or negotiate application settings needs its own mechanism to
> do so. This would result in multiple transport parameters or
> extensions leading to duplication of work and layering violations.
> Applications could instead exchange these settings in application
> data, meaning that each application needs to define the semantics of
> application data received before and after the settings have been
> exchanged, as H3 currently does.
>
> There is already a demonstrated need for an application parameters
> mechanism in the QUIC handshake. One example is
> https://tools.ietf.org/html/draft-vvv-webtransport-quic-00 which is
> currently using a “web_accepted_origins” transport parameter but could
> easily use an application parameters mechanism instead.
>
> I see two downsides to this proposal. The first is that the client’s
> application parameters are sent in the clear. Application designers
> will need to make a decision of how much they want to use this
> functionality (they could limit what is sent by the client or only use
> application parameters in the server direction). For H3, there are
> only three SETTINGS, QPACK_MAX_TABLE_CAPACITY, QPACK_BLOCKED_STREAMS,
> and MAX_HEADER_LIST_SIZE, which do not reveal any information about
> the user or the server they are connecting to and are likely constant
> per H3 implementation.
>
> The other downside is that if too much data is put in application
> parameters, it could cause the number of packets for a client or
> server’s flight to go from N to N+1, which would increase the chance
> of head of line blocking.
>
> Related issues:
> https://github.com/quicwg/base-drafts/issues/2790: Binding settings
> into session tickets
> https://github.com/quicwg/base-drafts/issues/2945: When to send the
> SETTINGS frame
> https://github.com/quicwg/base-drafts/issues/2783: Consider making
> SETTINGS part of the control stream header
> https://github.com/quicwg/base-drafts/issues/436: Move SETTINGS into
> TLS Handshake
>
>

v2.23.0 | Report a Bug | By Email