Re: UDP Ports and QUIC version

David Schinazi <> Wed, 24 November 2021 20:20 UTC

From: David Schinazi <>
Date: Wed, 24 Nov 2021 12:20:05 -0800
Subject: Re: UDP Ports and QUIC version

Reusing 853 sounds like the simplest solution here.

QUICv1 can coexist with DTLS, and there is no reason
to believe that future IETF versions of QUIC will not
have the same feature. If someone decides to run
their custom version of QUIC on the same port as DTLS,
they'll also make sure to have their version of QUIC
coexist with DTLS.

The QUICv1 "grease the QUIC bit" extension is not
relevant to this discussion, because no one who cares
about coexisting with DTLS will deploy this extension.


On Wed, Nov 24, 2021 at 12:03 PM Christian Huitema <>

> On 11/24/2021 10:58 AM, Benjamin Kaduk wrote:
> > On Wed, Nov 24, 2021 at 10:45:43AM -0800, Martin Duke wrote:
> >> Hello QUIC,
> >>
> >> DNS-over-QUIC just requested UDP Port 843, where it would coexist with
> > I assume you mean 853, though that does not affect the rest of your note
> at all.
> Note that port 853 is a bit of a special case. TCP port 853 was first
> reserved for DNS over TLS. UDP port 853 was then reserved for DNS over
> DTLS, which was defined in an experimental RFC. Turns out that several
> years later we are not aware of any deployment of DNS over DTLS. So we
> believe that having UDP port 853 for DNS over QUIC and TCP port 853 for
> DNS over TLS would keep the nice symmetry that was originally intended.
> It would for example make management of firewalls easier, "port 853 is
> encrypted DNS for both UDP and TCP". The downside would be the case of
> servers trying to run both DNS over QUIC and DNS over DTLS. We don't
> know any such server, but it is nice to have a fallback mechanism in the
> unforeseen case of some server somewhere trying to do that. The ability
> of multiplexing QUIC and DTLS on the same port gives us that.
> -- Christian Huitema
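As an added example (not code from the thread or from any DNS-over-QUIC or DNS-over-DTLS implementation), here is the first-byte demultiplexer that "the ability of multiplexing QUIC and DTLS on the same port" refers to, together with the greased-QUIC-bit case David raises. It relies on the QUIC v1 Fixed Bit (RFC 9000, Section 17) and on the DTLS record-layer first byte (the ContentType in DTLS 1.2, the unified header of RFC 9147 in DTLS 1.3); the function names and the sample datagram headers are constructed for illustration, not captured from a server on port 853.

```python
# Added example: first-byte demultiplexing of QUIC v1 and DTLS sharing one
# UDP port (e.g. 853).  Not code from the thread; the sample headers below
# are constructed, not captured from any server.
#
# Facts relied on:
#   * RFC 9000, Section 17: every QUIC v1 packet sets the Fixed Bit (0x40);
#     long headers also set 0x80, so QUIC v1 first bytes lie in 0x40..0xFF.
#     Version Negotiation packets set 0x80 and only SHOULD set 0x40.
#   * DTLS 1.2 records begin with a ContentType in 20..25 (0x14..0x19).
#   * DTLS 1.3 unified header (RFC 9147) begins 001xxxxx = 0x20..0x3F.
#   * RFC 9287 ("grease the QUIC bit") lets an endpoint clear 0x40 in
#     short-header packets, which removes the property used here.

QUIC_FIXED_BIT = 0x40
QUIC_LONG_HEADER_BIT = 0x80


def classify(datagram: bytes) -> str:
    """Return 'quic', 'dtls' or 'unknown' for one UDP payload."""
    if not datagram:
        return "unknown"
    first = datagram[0]
    if first & QUIC_FIXED_BIT:
        # 0x40..0x7F: QUIC short header; 0xC0..0xFF: QUIC long header.
        return "quic"
    if 0x14 <= first <= 0x3F:
        # DTLS 1.2 ContentType (20..25) or DTLS 1.3 unified header.
        return "dtls"
    # 0x80..0xBF would be a Version Negotiation packet without the Fixed
    # Bit (permitted by RFC 9000) or, per RFC 7983, RTP; 0x00..0x13 is
    # STUN/ZRTP space.  Neither is QUIC v1 or DTLS, so do not guess.
    return "unknown"


def quic_long_header(version: int, dcid: bytes, scid: bytes) -> bytes:
    """Constructed QUIC v1 Initial header prefix (RFC 9000, Section 17.2.2):
    first byte 1 1 00 (Initial) 00 (reserved) 11 (4-byte PN) = 0xC3."""
    first = QUIC_LONG_HEADER_BIT | QUIC_FIXED_BIT | 0x03
    return (bytes([first]) + version.to_bytes(4, "big")
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid)


def quic_short_header(dcid: bytes, spin: bool = False, grease: bool = False) -> bytes:
    """Constructed QUIC v1 1-RTT header (RFC 9000, Section 17.3.1):
    0 | Fixed | Spin | Reserved(2) | KeyPhase | PNLen(2).  With grease=True
    the Fixed Bit is cleared, as RFC 9287 permits."""
    first = 0x00 if grease else QUIC_FIXED_BIT
    if spin:
        first |= 0x20
    first |= 0x01  # 2-byte packet number
    return bytes([first]) + dcid


def dtls12_record_header(content_type: int, length: int) -> bytes:
    """Constructed DTLS 1.2 record header (RFC 6347): type, version 0xFEFD,
    epoch(2), sequence(6), length(2)."""
    return (bytes([content_type]) + b"\xfe\xfd" + b"\x00\x00"
            + b"\x00" * 6 + length.to_bytes(2, "big"))


def dtls13_unified_header(seq_low: int) -> bytes:
    """Constructed DTLS 1.3 unified header (RFC 9147, Section 4): 001 C S L EE.
    Here C=0 (no CID), S=0 (8-bit sequence), L=1 (length present), EE=0."""
    first = 0x20 | 0x04
    return bytes([first, seq_low & 0xFF, 0x00, 0x20])


def demo() -> dict:
    """Classify a set of constructed datagram prefixes; returns name -> label."""
    samples = {
        "quic_initial": quic_long_header(1, b"\x11" * 8, b"\x22" * 8),
        "quic_1rtt": quic_short_header(b"\x11" * 8),
        "dtls12_handshake": dtls12_record_header(22, 0x100),
        "dtls13_record": dtls13_unified_header(7),
        # RFC 9287 case: Fixed Bit cleared, spin bit set -> 0x21, which is
        # indistinguishable from a DTLS 1.3 unified header.
        "quic_1rtt_greased_spin": quic_short_header(b"\x11" * 8, spin=True, grease=True),
        # Fixed Bit cleared, spin bit clear -> 0x01, STUN range: not routable.
        "quic_1rtt_greased": quic_short_header(b"\x11" * 8, grease=True),
    }
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:24s} -> {label}")
```

The two greased samples are the point of David's remark: once a peer clears the Fixed Bit, a 1-RTT packet can land in the DTLS 1.3 range (0x21 above) or in space that is neither protocol (0x01), so a server that wants to share port 853 between DNS over QUIC and DNS over DTLS must not negotiate grease_quic_bit.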