IETF Logo Mail Archive

Re: QUIC ossification

Martin Duke <martin.h.duke@gmail.com> Fri, 15 February 2019 01:02 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999F2130E3F for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 17:02:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zegxCvZfrHHO for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 645A1130DFA for <quic@ietf.org>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
Received: by mail-wm1-x32f.google.com with SMTP id z84so835164wmg.4 for <quic@ietf.org>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jFudzIjpH3PSj1jK/yfrImPW4106EB7wOg0UNQ1eK1w=; b=YMzY4Mp9lJlILet3s30Dgz/5fqNIGy3W/cwhXW1+iPUOAlIQjDacZBfbCzUle8iewE FA1nsN9dl9KEtfOh9MYKDROiuPiESNCXER+/0QXh9UDXDOf25rmUq9qGbCKrxdrHqIyS ELc5TJuTzsRtMx/d+aHShDfe54JaT0brgtxZLMmfh4gDHt6+AWEDz7penMRVZH9Sofz5 WGCHCUA+R3HNu7RGYM5hq2Cxr/J3q5qbkq1oQaOVfKkN72HM5sz/ttZNA8IiUEzhUTZW RxR7igQc3Q72/0aUCbPGJqKE8jIOPMzIjPlNlcpn9a/qm4SmyRsUfzFLc8mqtOjsadws iZQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jFudzIjpH3PSj1jK/yfrImPW4106EB7wOg0UNQ1eK1w=; b=dSD751Eae7zOqc37lHvZTRpA9yKuB7v8a2rtFS6gzRDEkTKGhmNQt+X7L8lYumU/iy 0yulG1aTXsfvFVkrXQw9g+F57UrQO63agFDvErA42DgHGjHuRCvOgufAQbaDmstLVnkf QW/Hdhj0O6YWjOiOmNpN8+aUKtOM4mQFwokBE6QFYqcFTyCh6clGULkCDXSbiAbDoNw0 fU8MUwTpt0PcBxbLiTCpKSoJAYSOuKmZbN6dtC9dISA75Z9YwRZJtBlFtmeqZg5B38eJ BlcYT/ffuyrrqoIVwEsD9DJwuPZWAUSEIX6Qe6K8JKQs2M8LoK+GHFW07vTVzInhHGbo 8NlQ==
X-Gm-Message-State: AHQUAua6sqqdFgJQv/PvS69E7MJccija2FXmPaj/v1DPeQKT3nu4qQdE c/g/YbDT+roKrnxXYEtSl/khEJMGlAIiuvVIHA4=
X-Google-Smtp-Source: AHgI3IaZZQVS/kfnRzsIr6W3DJFwj1hZyy4bWA/tD0yGHf6PUQvNdT+rsMK+wzl6wllr9cjUqrInFhVNZ6CieMloPPE=
X-Received: by 2002:a1c:7e58:: with SMTP id z85mr669997wmc.52.1550192565736; Thu, 14 Feb 2019 17:02:45 -0800 (PST)
MIME-Version: 1.0
References: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com> <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com> <9425344B-D72F-474D-A549-AA2453E57F19@fb.com> <CAPDSy+5LikoojquLhaW58DbJ3VrGXUViaD0aHcTkxBJGzFjgQA@mail.gmail.com> <47E7A834-B6CD-4D73-BF49-8768A48CADF0@fb.com> <CAM4esxThzPJUxU7R5-CY-ZcgmqhYdPFMoM5Fg17vN-Hsk_pJ8A@mail.gmail.com> <CAKcm_gMmxeHHN3dtH9kby_En96oPwTqrfHE=wpqy5Z0YbX4png@mail.gmail.com> <CAN1APdegy8n3+8J-pkgB6f-SNxHtju9p1Hiyct2tHWQ0KyeiGg@mail.gmail.com> <CA+9kkMC95TnFatowKU6121g+1DPy1hMNbKPagveMfKCXtpFSUQ@mail.gmail.com> <5B7F7D53-546D-4E3F-A0FC-AC29B1B05742@huitema.net> <CAKKJt-cQm+D2vptcfCLywz_QmuZW8tMYgcxNLoxyfC67OvYPUw@mail.gmail.com> <271E52ED-FA3A-4B4D-978C-90CE5CE57053@fb.com> <CAKKJt-f4U15Nr316xjuPb2S0QYOO6YAi9HRZzLWaZVfyXT3s8A@mail.gmail.com> <6b503e6a-d9ed-e747-9db6-f943f92fe114@huitema.net> <CACpbDcdixBEBFnLNbN1OhiKv9iTGjCpT3LQH13Rd64x1N0sJsA@mail.gmail.com> <CAM4esxTRsj7WqOSiCKfhQu2CfEosC+1-wJcm9uS1ryjchtpxdA@mail.gmail.com> <CAM4esxSqOAHEXXgAYP3iHyb-mkScrkXg1e5Dx+zA=Bi=yAcnQg@mail.gmail.com> <1550117350.927768.1657684024.116377B8@webmail.messagingengine.com> <CACpbDceGpp2Vs1pztJB3o7CJqg2f4HbL2mOoJtEPPeL7CvbXsA@mail.gmail.com> <1550120918.954942.1657706568.2C59A22F@webmail.messagingengine.com> <DB6PR10MB1766CDECAEED8E8391F61CD4AC670@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAF8qwaD8TKN251Ru5Q0G+NH9osyVw8MqWY5g+7VvLkzQph6jOQ@mail.gmail.com> <MWHPR22MB09916CC98D4AB60AA6A185BEDA670@MWHPR22MB0991.namprd22.prod.outlook.com> <CAPDSy+4=+Kpx0AD-xOuGJJec2T-MoFX9GOgfKWFPOPkj8D1MBg@mail.gmail.com>
In-Reply-To: <CAPDSy+4=+Kpx0AD-xOuGJJec2T-MoFX9GOgfKWFPOPkj8D1MBg@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 14 Feb 2019 17:02:32 -0800
Message-ID: <CAM4esxSem6kkcd3rE7qfHJD9A1urmssoVsnagEmtJn7MU=mo5g@mail.gmail.com>
Subject: Re: QUIC ossification
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: Mike Bishop <mbishop@evequefou.be>, Jana Iyengar <jri.ietf@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, QUIC WG <quic@ietf.org>, Martin Thomson <mt@lowentropy.net>, David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="00000000000036dcce0581e455bc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nZXs752F6ng0RZAoME3dcaVFT5I>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 01:02:50 -0000

Collective, time for me to file a github issue? Or leave it on the list?

On Thu, Feb 14, 2019, 12:54 PM David Schinazi <dschinazi.ietf@gmail.com
wrote:

> Yes, the version downgrade prevention was punted to whenever we start
> using another production version and performing in-band version
> negotiation. These rolling versions would qualify as such and absolutely
> require downgrade prevention if we have version negotiation inside QUIC.
>
> That said, an important difference between TLS and QUIC here is Alt-Svc.
> We don't need 100% of QUIC uses to use this rolling version to prevent
> ossification, it would be fine if only HTTP/3 clients did that.
> Those clients will know the server-supported versions thanks to Alt-Svc,
> so there is no need for in-band version negotiation between these versions.
>
> It would be feasible to deploy these rolling versions while still treating
> any Version Negotiation packet as a critical error.
>
> David
>
> On Thu, Feb 14, 2019 at 12:42 PM Mike Bishop <mbishop@evequefou.be> wrote:
>
>> We actually agreed at the interim to leave downgrade protection as future
>> work, since this is currently the only version we care about.  A future
>> version would need to be accompanied by an extension to v1 that provides
>> downgrade protection.  🙂
>>
>>
>>
>> If we start actively flexing version negotiation, of course, we probably
>> need to revisit that decision.
>>
>>
>>
>> *From:* QUIC <quic-bounces@ietf.org> *On Behalf Of * David Benjamin
>> *Sent:* Thursday, February 14, 2019 12:39 PM
>> *To:* Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
>> *Cc:* Jana Iyengar <jri.ietf@gmail.com>; QUIC WG <quic@ietf.org>; Martin
>> Thomson <mt@lowentropy.net>
>> *Subject:* Re: QUIC ossification
>>
>>
>>
>> At least in the TLS incarnation of this idea, yes, the point would be to
>> support both V1 (for normal clients) and the rolling version.. That does
>> not require the client reject V1 for this to work, presuming your version
>> negotiation has downgrade protection. (Being forced onto a version other
>> than what you would have naturally negotiated is a downgrade.)
>>
>>
>>
>> I'm not familiar with QUIC's negotiation mechanisms, but I certainly hope
>> you all are downgrade-protected. That's generally important independent of
>> these kinds of games.
>>
>>
>>
>> David
>>
>> On Wed, Feb 13, 2019 at 11:59 PM Mikkel Fahnøe Jørgensen <
>> mikkelfj@gmail.com> wrote:
>>
>> Version of the month is problematic:
>>
>>
>>
>> Google server would need to support a basic V1, otherwise non-chrome user
>> agents would fail. Chrome browsers would have to reject V1 or the greasing
>> won’t work. This can only happen towards Google servers. Middleboxes now
>> check for V1 or Google domain. Eith future encrypted request domain, it is
>> a perfect wsy to firewall Google via Chrome. Users switch to other browser.
>>
>>
>>
>>
>> ------------------------------
>>
>> *Fra:* QUIC <quic-bounces@ietf.org> på vegne af Martin Thomson <
>> mt@lowentropy..net <mt@lowentropy.net>>
>> *Sendt:* torsdag, februar 14, 2019 6:08 AM
>> *Til:* Jana Iyengar
>> *Cc:* QUIC WG
>> *Emne:* Re: QUIC ossification
>>
>>
>>
>> On Thu, Feb 14, 2019, at 15:48, Jana Iyengar wrote:
>> > Basically, I'm proposing that QUIC v1 be assigned a random number for
>> its
>> > version at RFC publication time.
>>
>> What property do you expect that to provide?
>>
>> > Anyone who wants to use a different version for v1 MUST request it from
>> IANA first before using it in the wild.
>>
>> This too. What does this achieve?
>>
>> I get that there seems to be the emerging view that unmanaged codepoint
>> space is not good and we should ask IANA to manage it for us, but I don't
>> understand what these proposals would provide.
>>
>>

v2.23.0 | Report a Bug | By Email