IETF Logo Mail Archive

Re: QUIC ossification

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Tue, 19 February 2019 07:22 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215DC130E77 for <quic@ietfa.amsl.com>; Mon, 18 Feb 2019 23:22:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.997
X-Spam-Level:
X-Spam-Status: No, score=-0.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mt0wkUPUCl0e for <quic@ietfa.amsl.com>; Mon, 18 Feb 2019 23:22:46 -0800 (PST)
Received: from mail-it1-x133.google.com (mail-it1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B150130E74 for <quic@ietf.org>; Mon, 18 Feb 2019 23:22:46 -0800 (PST)
Received: by mail-it1-x133.google.com with SMTP id m137so3905869ita.0 for <quic@ietf.org>; Mon, 18 Feb 2019 23:22:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=Rz8fJFoDmDoTpfEz3/pFQ9OGKXpK7r+UknvjorqksLo=; b=FTdxe7L+EOllRwlCfpIWm/ANSKe+hURN+5uUrpMzMt/47GTWelvKl8cOgXzCIbLXef Mt5nFrXLMQLZhjYj4Gj3Pd2WWY4FtQ+QkNAxQCeZsjOmp9LzzUg+uyMB8OgMn7HSJFhH /uXlbnwVQgvuFzRgCTKt4oxhUrQ1pNnKR4RATEMffgpKXq2t+eOrNLOoJ081t8NVG9dJ wGYk7PiNWoEdJfZkGWPiDsEqZDRIDXyRlL9l5zFKaCq7KS4CBU0TIfsAQ9t9PI7WCReE hKzTxUrv4vlnT3nRKXX77XOPPEdeIWgfDgD1glq4Zy1BW/mSbOjj+5QBpI+ngEAoEawQ IWvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=Rz8fJFoDmDoTpfEz3/pFQ9OGKXpK7r+UknvjorqksLo=; b=gNbeJLJxmOnL28gvG0E1zib+v9wDwBXRrTGwqzlXQwelF2dkGqLf5j7V5MK7TTnxTA HzTE5enE0NgAhrSrkwfvlpXfsdcT1yI1+Zji9tQQyDwJDQUjVEkJTdXikNP7r+1a96ax gPxAzzWEgrn9VeKbkqRG866vkYESk4Sn7fqqxIDQE/NyUVtk/8lIBra+x+pv5PCA7R0w tRd97ljHVBDb7TjvbtvHXad/cApMqtdhJPA3HtRxNSGY9dVu8cPzjv9PThElVuOG9U3D pokf4LKzekHuPuSsYC20nyggNsozIn3+8ENcFQ2NrZkS40cJvJTwrtd6DPdFe3+wbsqL dSdw==
X-Gm-Message-State: AHQUAubcShCRoB0sfjHacHYxH8QHlI5yhhjhiu5f2emtjxI5W0L3D2z3 JKbDjB9kEryIGsDLrDzBALaeuZpgVIo9sCMvONk=
X-Google-Smtp-Source: AHgI3Ia6TCE0ALaysu75Wn4Av84Azbu8/G7UY/sjm88Xphl04EmliUezGuIbXbx8xppm195/FndLSAW3i5IsAKqYmvY=
X-Received: by 2002:a05:660c:12c7:: with SMTP id k7mr1348164itd.148.1550560965373; Mon, 18 Feb 2019 23:22:45 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 18 Feb 2019 23:22:44 -0800
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <CACpbDceKcBFCde_5ddC+Rbj6SrK7u_L3eAWdJ6XcHpjgzYE6vw@mail.gmail.com>
References: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com> <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com> <9425344B-D72F-474D-A549-AA2453E57F19@fb.com> <CAPDSy+5LikoojquLhaW58DbJ3VrGXUViaD0aHcTkxBJGzFjgQA@mail.gmail.com> <47E7A834-B6CD-4D73-BF49-8768A48CADF0@fb.com> <CAM4esxThzPJUxU7R5-CY-ZcgmqhYdPFMoM5Fg17vN-Hsk_pJ8A@mail.gmail.com> <CAKcm_gMmxeHHN3dtH9kby_En96oPwTqrfHE=wpqy5Z0YbX4png@mail.gmail.com> <CAN1APdegy8n3+8J-pkgB6f-SNxHtju9p1Hiyct2tHWQ0KyeiGg@mail.gmail.com> <CA+9kkMC95TnFatowKU6121g+1DPy1hMNbKPagveMfKCXtpFSUQ@mail.gmail.com> <5B7F7D53-546D-4E3F-A0FC-AC29B1B05742@huitema.net> <CAKKJt-cQm+D2vptcfCLywz_QmuZW8tMYgcxNLoxyfC67OvYPUw@mail.gmail.com> <271E52ED-FA3A-4B4D-978C-90CE5CE57053@fb.com> <CAKKJt-f4U15Nr316xjuPb2S0QYOO6YAi9HRZzLWaZVfyXT3s8A@mail.gmail.com> <6b503e6a-d9ed-e747-9db6-f943f92fe114@huitema.net> <CACpbDcdixBEBFnLNbN1OhiKv9iTGjCpT3LQH13Rd64x1N0sJsA@mail.gmail.com> <CAM4esxTRsj7WqOSiCKfhQu2CfEosC+1-wJcm9uS1ryjchtpxdA@mail.gmail.com> <CAM4esxSqOAHEXXgAYP3iHyb-mkScrkXg1e5Dx+zA=Bi=yAcnQg@mail.gmail.com> <1550117350.927768.1657684024.116377B8@webmail.messagingengine.com> <CACpbDceGpp2Vs1pztJB3o7CJqg2f4HbL2mOoJtEPPeL7CvbXsA@mail.gmail.com> <1550120918.954942.1657706568.2C59A22F@webmail.messagingengine.com> <DB6PR10MB1766CDECAEED8E8391F61CD4AC670@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAF8qwaD8TKN251Ru5Q0G+NH9osyVw8MqWY5g+7VvLkzQph6jOQ@mail.gmail.com> <MWHPR22MB09916CC98D4AB60AA6A185BEDA670@MWHPR22MB0991.namprd22.prod.outlook.com> <CAPDSy+4=+Kpx0AD-xOuGJJec2T-MoFX9GOgfKWFPOPkj8D1MBg@mail.gmail.com> <CAM4esxSem6kkcd3rE7qfHJD9A1urmssoVsnagEmtJn7MU=mo5g@mail.gmail.com> <65405c4c-9bf7-4dca-91a3-d4a650ecfeb0@www.fastmail.com> <CAPDSy+4=HzVzm2zVpyt+Fuf4NQq_qyZXy6Ga==rBMnebsSyPpA@mail.gmail.com> <1c10b7bb-380a-4ac8-a3f8-fe185efa9b6b@www.fastmail.com> <CAKcm_gM1BdWAw6xHgWTGWwpThwtDwrkZBZU19VmCR4TXMFMPxA@mail.gmail.com> <41c7ef89-88e0-41bd-a62f-eb3828a09568@www.fastmail.com> <CACpbDceKcBFCde_5ddC+Rbj6SrK7u_L3eAWdJ6XcHpjgzYE6vw@mail.gmail.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Mon, 18 Feb 2019 23:22:44 -0800
Message-ID: <CAN1APde1atTy+Xc4Y0-Vv76k-UwYWqPkp4rr+ZZRkS8zcG1n8g@mail.gmail.com>
Subject: Re: QUIC ossification
To: Jana Iyengar <jri.ietf@gmail.com>, Martin Thomson <mt@lowentropy.net>
Cc: QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008b33d305823a1b25"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/e0fAA1vD_lOIrzM8eWrnzoCKSBo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2019 07:22:48 -0000

I still think there is a need for private experimentation without going all
IANA.

If randomisation is a good idea, why not have 128-bit version identifiers -
each org with special needs can encrypt their own version numbers.
Now you have fully randomised keys and infinitely many spaces.
Since the VN’s are only used in a few header packets, 128-bits is a fine
length.

Mikkel


On 19 February 2019 at 04.36.21, Jana Iyengar (jri.ietf@gmail.com) wrote:

On Thu, Feb 14, 2019 at 6:43 PM Martin Thomson <mt@lowentropy.net> wrote:

> On Fri, Feb 15, 2019, at 12:22, Ian Swett wrote:
> > I believe the concern is that a middlebox/etc will conclude that a
> > certain range of versions are IETF standard versions and should be
> > allowed and others are fine to block because they're experimental,
> > thereby making the majority of versions largely undeployable.
>
> That only suggests to me that we not segregate the space.  The proposed
> variations won't all happen in that space.
>

The whole point of the proposal was to avoid segregating this space. Let me
articulate a bit better, and folks can poke holes.

Whatever we choose for the on-wire representation of version 1, that's
visible to mboxes and they can ossify around it. We want more versions on
the wire to avoid this from happening.  As long as a few major players use
a few more versions on the wire besides v1, that's all we need to keep the
ecosystem from ossifying.

Ideally, the additional versions keep changing over time to avoid those
getting ossified as well. So a server can simply choose a random version
periodically and use it. But we need clients to use the version as well,
and since not everyone is Google, we use IANA to publish this new version.
Basically, (i) org requests new version from IANA, (ii) IANA either assigns
a new version (randomly) or approves the requested version for use as
additional v1, and (iii) clients and servers roll out support for this new
version. Note again that all servers and clients continue supporting the
original v1 version; this is an additional preferred version when it is
available on both sides. This gets us greasing, and ensures that we have a
mechanism in play that protects against downgrade protection.

Let's say we use 0x00000001 as v1. Do we allow 0x00000002 as an additional
version for v1? If we do, then what is the on-wire representation for v2?
If we don't, then we have to segregate the space. To avoid this problem, I
suggested that we randomize everything. It's not that hard: IANA can easily
assign a version to us at RFC publication time much in the same way as they
would to anyone requesting an additional on-wire version for v1 in the
future.

v2.23.0 | Report a Bug | By Email