Re: QUIC ossification
Martin Duke <martin.h.duke@gmail.com> Fri, 15 February 2019 01:02 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999F2130E3F for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 17:02:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zegxCvZfrHHO for <quic@ietfa.amsl.com>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 645A1130DFA for <quic@ietf.org>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
Received: by mail-wm1-x32f.google.com with SMTP id z84so835164wmg.4 for <quic@ietf.org>; Thu, 14 Feb 2019 17:02:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jFudzIjpH3PSj1jK/yfrImPW4106EB7wOg0UNQ1eK1w=; b=YMzY4Mp9lJlILet3s30Dgz/5fqNIGy3W/cwhXW1+iPUOAlIQjDacZBfbCzUle8iewE FA1nsN9dl9KEtfOh9MYKDROiuPiESNCXER+/0QXh9UDXDOf25rmUq9qGbCKrxdrHqIyS ELc5TJuTzsRtMx/d+aHShDfe54JaT0brgtxZLMmfh4gDHt6+AWEDz7penMRVZH9Sofz5 WGCHCUA+R3HNu7RGYM5hq2Cxr/J3q5qbkq1oQaOVfKkN72HM5sz/ttZNA8IiUEzhUTZW RxR7igQc3Q72/0aUCbPGJqKE8jIOPMzIjPlNlcpn9a/qm4SmyRsUfzFLc8mqtOjsadws iZQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jFudzIjpH3PSj1jK/yfrImPW4106EB7wOg0UNQ1eK1w=; b=dSD751Eae7zOqc37lHvZTRpA9yKuB7v8a2rtFS6gzRDEkTKGhmNQt+X7L8lYumU/iy 0yulG1aTXsfvFVkrXQw9g+F57UrQO63agFDvErA42DgHGjHuRCvOgufAQbaDmstLVnkf QW/Hdhj0O6YWjOiOmNpN8+aUKtOM4mQFwokBE6QFYqcFTyCh6clGULkCDXSbiAbDoNw0 fU8MUwTpt0PcBxbLiTCpKSoJAYSOuKmZbN6dtC9dISA75Z9YwRZJtBlFtmeqZg5B38eJ BlcYT/ffuyrrqoIVwEsD9DJwuPZWAUSEIX6Qe6K8JKQs2M8LoK+GHFW07vTVzInhHGbo 8NlQ==
X-Gm-Message-State: AHQUAua6sqqdFgJQv/PvS69E7MJccija2FXmPaj/v1DPeQKT3nu4qQdE c/g/YbDT+roKrnxXYEtSl/khEJMGlAIiuvVIHA4=
X-Google-Smtp-Source: AHgI3IaZZQVS/kfnRzsIr6W3DJFwj1hZyy4bWA/tD0yGHf6PUQvNdT+rsMK+wzl6wllr9cjUqrInFhVNZ6CieMloPPE=
X-Received: by 2002:a1c:7e58:: with SMTP id z85mr669997wmc.52.1550192565736; Thu, 14 Feb 2019 17:02:45 -0800 (PST)
MIME-Version: 1.0
References: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com> <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com> <9425344B-D72F-474D-A549-AA2453E57F19@fb.com> <CAPDSy+5LikoojquLhaW58DbJ3VrGXUViaD0aHcTkxBJGzFjgQA@mail.gmail.com> <47E7A834-B6CD-4D73-BF49-8768A48CADF0@fb.com> <CAM4esxThzPJUxU7R5-CY-ZcgmqhYdPFMoM5Fg17vN-Hsk_pJ8A@mail.gmail.com> <CAKcm_gMmxeHHN3dtH9kby_En96oPwTqrfHE=wpqy5Z0YbX4png@mail.gmail.com> <CAN1APdegy8n3+8J-pkgB6f-SNxHtju9p1Hiyct2tHWQ0KyeiGg@mail.gmail.com> <CA+9kkMC95TnFatowKU6121g+1DPy1hMNbKPagveMfKCXtpFSUQ@mail.gmail.com> <5B7F7D53-546D-4E3F-A0FC-AC29B1B05742@huitema.net> <CAKKJt-cQm+D2vptcfCLywz_QmuZW8tMYgcxNLoxyfC67OvYPUw@mail.gmail.com> <271E52ED-FA3A-4B4D-978C-90CE5CE57053@fb.com> <CAKKJt-f4U15Nr316xjuPb2S0QYOO6YAi9HRZzLWaZVfyXT3s8A@mail.gmail.com> <6b503e6a-d9ed-e747-9db6-f943f92fe114@huitema.net> <CACpbDcdixBEBFnLNbN1OhiKv9iTGjCpT3LQH13Rd64x1N0sJsA@mail.gmail.com> <CAM4esxTRsj7WqOSiCKfhQu2CfEosC+1-wJcm9uS1ryjchtpxdA@mail.gmail.com> <CAM4esxSqOAHEXXgAYP3iHyb-mkScrkXg1e5Dx+zA=Bi=yAcnQg@mail.gmail.com> <1550117350.927768.1657684024.116377B8@webmail.messagingengine.com> <CACpbDceGpp2Vs1pztJB3o7CJqg2f4HbL2mOoJtEPPeL7CvbXsA@mail.gmail.com> <1550120918.954942.1657706568.2C59A22F@webmail.messagingengine.com> <DB6PR10MB1766CDECAEED8E8391F61CD4AC670@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAF8qwaD8TKN251Ru5Q0G+NH9osyVw8MqWY5g+7VvLkzQph6jOQ@mail.gmail.com> <MWHPR22MB09916CC98D4AB60AA6A185BEDA670@MWHPR22MB0991.namprd22.prod.outlook.com> <CAPDSy+4=+Kpx0AD-xOuGJJec2T-MoFX9GOgfKWFPOPkj8D1MBg@mail.gmail.com>
In-Reply-To: <CAPDSy+4=+Kpx0AD-xOuGJJec2T-MoFX9GOgfKWFPOPkj8D1MBg@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 14 Feb 2019 17:02:32 -0800
Message-ID: <CAM4esxSem6kkcd3rE7qfHJD9A1urmssoVsnagEmtJn7MU=mo5g@mail.gmail.com>
Subject: Re: QUIC ossification
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: Mike Bishop <mbishop@evequefou.be>, Jana Iyengar <jri.ietf@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, QUIC WG <quic@ietf.org>, Martin Thomson <mt@lowentropy.net>, David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="00000000000036dcce0581e455bc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nZXs752F6ng0RZAoME3dcaVFT5I>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 01:02:50 -0000
Collective, time for me to file a github issue? Or leave it on the list? On Thu, Feb 14, 2019, 12:54 PM David Schinazi <dschinazi.ietf@gmail.com wrote: > Yes, the version downgrade prevention was punted to whenever we start > using another production version and performing in-band version > negotiation. These rolling versions would qualify as such and absolutely > require downgrade prevention if we have version negotiation inside QUIC. > > That said, an important difference between TLS and QUIC here is Alt-Svc. > We don't need 100% of QUIC uses to use this rolling version to prevent > ossification, it would be fine if only HTTP/3 clients did that. > Those clients will know the server-supported versions thanks to Alt-Svc, > so there is no need for in-band version negotiation between these versions. > > It would be feasible to deploy these rolling versions while still treating > any Version Negotiation packet as a critical error. > > David > > On Thu, Feb 14, 2019 at 12:42 PM Mike Bishop <mbishop@evequefou.be> wrote: > >> We actually agreed at the interim to leave downgrade protection as future >> work, since this is currently the only version we care about. A future >> version would need to be accompanied by an extension to v1 that provides >> downgrade protection. 🙂 >> >> >> >> If we start actively flexing version negotiation, of course, we probably >> need to revisit that decision. >> >> >> >> *From:* QUIC <quic-bounces@ietf.org> *On Behalf Of * David Benjamin >> *Sent:* Thursday, February 14, 2019 12:39 PM >> *To:* Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> >> *Cc:* Jana Iyengar <jri.ietf@gmail.com>; QUIC WG <quic@ietf.org>; Martin >> Thomson <mt@lowentropy.net> >> *Subject:* Re: QUIC ossification >> >> >> >> At least in the TLS incarnation of this idea, yes, the point would be to >> support both V1 (for normal clients) and the rolling version.. That does >> not require the client reject V1 for this to work, presuming your version >> negotiation has downgrade protection. (Being forced onto a version other >> than what you would have naturally negotiated is a downgrade.) >> >> >> >> I'm not familiar with QUIC's negotiation mechanisms, but I certainly hope >> you all are downgrade-protected. That's generally important independent of >> these kinds of games. >> >> >> >> David >> >> On Wed, Feb 13, 2019 at 11:59 PM Mikkel Fahnøe Jørgensen < >> mikkelfj@gmail.com> wrote: >> >> Version of the month is problematic: >> >> >> >> Google server would need to support a basic V1, otherwise non-chrome user >> agents would fail. Chrome browsers would have to reject V1 or the greasing >> won’t work. This can only happen towards Google servers. Middleboxes now >> check for V1 or Google domain. Eith future encrypted request domain, it is >> a perfect wsy to firewall Google via Chrome. Users switch to other browser. >> >> >> >> >> ------------------------------ >> >> *Fra:* QUIC <quic-bounces@ietf.org> på vegne af Martin Thomson < >> mt@lowentropy..net <mt@lowentropy.net>> >> *Sendt:* torsdag, februar 14, 2019 6:08 AM >> *Til:* Jana Iyengar >> *Cc:* QUIC WG >> *Emne:* Re: QUIC ossification >> >> >> >> On Thu, Feb 14, 2019, at 15:48, Jana Iyengar wrote: >> > Basically, I'm proposing that QUIC v1 be assigned a random number for >> its >> > version at RFC publication time. >> >> What property do you expect that to provide? >> >> > Anyone who wants to use a different version for v1 MUST request it from >> IANA first before using it in the wild. >> >> This too. What does this achieve? >> >> I get that there seems to be the emerging view that unmanaged codepoint >> space is not good and we should ask IANA to manage it for us, but I don't >> understand what these proposals would provide. >> >>
- QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Ian Swett
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification David Benjamin
- RE: QUIC ossification Mike Bishop
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Ian Swett
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Erik Kline
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Kazuho Oku
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Mirja Kühlewind
- RE: QUIC ossification Mike Bishop
- Re: QUIC ossification Martin Duke