IETF Logo Mail Archive

Re: QUIC ossification

Roberto Peon <fenix@fb.com> Tue, 12 February 2019 22:14 UTC

Return-Path: <prvs=79466454bb=fenix@fb.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60A4E130DE3 for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 14:14:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.703
X-Spam-Level:
X-Spam-Status: No, score=-2.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=FcgLmGXO; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=RPTamBNr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFQUiuR0GhpZ for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 14:14:54 -0800 (PST)
Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5F3F130DD8 for <quic@ietf.org>; Tue, 12 Feb 2019 14:14:53 -0800 (PST)
Received: from pps.filterd (m0089730.ppops.net [127.0.0.1]) by m0089730.ppops.net (8.16.0.27/8.16.0.27) with SMTP id x1CME1th023403; Tue, 12 Feb 2019 14:14:52 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=Zq4Mvcq8jMMSgqmjLFO6o1oZMKcS4f4cPaxyBxAm0wE=; b=FcgLmGXOE4xIl0W1FcsMLA7Iwt1qNxUhwt47kRo2R0Ih0eSmxNNmptp8UlFmD+ZVryX0 JXMj0lZ2fC4E0BC1IvnYk769/wtNZN7nm6SKFfxm2f07NJ/oT4NGefOU3M498Y7EKq5s uPcSY6E108I1qA0b9hSXytJeITqhgyGed+w=
Received: from mail.thefacebook.com ([199.201.64.23]) by m0089730.ppops.net with ESMTP id 2qm48brhyn-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 12 Feb 2019 14:14:52 -0800
Received: from prn-mbx01.TheFacebook.com (2620:10d:c081:6::15) by prn-hub01.TheFacebook.com (2620:10d:c081:35::125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Tue, 12 Feb 2019 14:14:27 -0800
Received: from prn-hub03.TheFacebook.com (2620:10d:c081:35::127) by prn-mbx01.TheFacebook.com (2620:10d:c081:6::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Tue, 12 Feb 2019 14:14:27 -0800
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3 via Frontend Transport; Tue, 12 Feb 2019 14:14:27 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zq4Mvcq8jMMSgqmjLFO6o1oZMKcS4f4cPaxyBxAm0wE=; b=RPTamBNrErvZ4OcEWNrL/yOZL4dNnWu+jzBqndGs0JkqWknxkmvfLCc/wRptoSaZ3W3Ck5jrp4ZpIjef6w6REtDOPZefWFxf1UEf7kQRbw09+S9/OBz5GKEdczqlOywhOHRmgiI1LLuO1zEcle3/K+93BLC8KMpndFFn3QEHAsM=
Received: from BYAPR15MB2312.namprd15.prod.outlook.com (52.135.197.146) by BYAPR15MB2373.namprd15.prod.outlook.com (52.135.198.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.16; Tue, 12 Feb 2019 22:14:25 +0000
Received: from BYAPR15MB2312.namprd15.prod.outlook.com ([fe80::2403:324c:ac17:7084]) by BYAPR15MB2312.namprd15.prod.outlook.com ([fe80::2403:324c:ac17:7084%5]) with mapi id 15.20.1601.023; Tue, 12 Feb 2019 22:14:25 +0000
From: Roberto Peon <fenix@fb.com>
To: Martin Thomson <mt@lowentropy.net>, "quic@ietf.org" <quic@ietf.org>
Subject: Re: QUIC ossification
Thread-Topic: QUIC ossification
Thread-Index: AQHUwxih7UYarYoV30WBSlEhJDleK6Xcr5EA//+EwAA=
Date: Tue, 12 Feb 2019 22:14:25 +0000
Message-ID: <9425344B-D72F-474D-A549-AA2453E57F19@fb.com>
References: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com> <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com>
In-Reply-To: <1550007332.441557.1656692832.0E5412AE@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.15.0.190117
x-originating-ip: [2620:10d:c090:200::7:55b7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2764fc57-212c-4447-52be-08d6913772f0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605077)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2373;
x-ms-traffictypediagnostic: BYAPR15MB2373:
x-microsoft-exchange-diagnostics: 1; BYAPR15MB2373; 20:6oaOrHRp47mwBE1iRxTuu62wBm8BLQ8/kqrdkVCqHWYfoIxVkhGDPHz9xtuIh0gSaxfclgvOh7Nr2R2EiAVMMFOYWRABFKqW1nkjgv01E9WpHnkCzaubvMd9eRGen22Q/OEhN8h9IJ6jz/9q1eq/jburo7SnKnhrzSQfULLUqEQ=
x-microsoft-antispam-prvs: <BYAPR15MB2373260FA20ABCF81ACF72B6CD650@BYAPR15MB2373.namprd15.prod.outlook.com>
x-forefront-prvs: 0946DC87A1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(136003)(39860400002)(346002)(376002)(199004)(189003)(36756003)(8936002)(476003)(76176011)(7116003)(186003)(99286004)(81166006)(8676002)(81156014)(6116002)(83716004)(256004)(25786009)(97736004)(53936002)(2616005)(11346002)(46003)(6506007)(478600001)(316002)(102836004)(446003)(221733001)(86362001)(105586002)(6436002)(305945005)(33656002)(7736002)(68736007)(6486002)(2906002)(106356001)(14454004)(6246003)(71190400001)(3480700005)(58126008)(110136005)(82746002)(486006)(6512007)(229853002)(2501003)(71200400001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR15MB2373; H:BYAPR15MB2312.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: cZW5ACuzYBC7w1ChPUnfHXwHVPq2z2FKLtS2BljLhQ4stHmYJZ+ct5DL8PB+RpqUe1iq9qh4teACb3QsOu80dUynUrgU/ETZcWq7xs2Msq9Yx3GjIFItp5Pz/02Zrme46b49l+/fMPIyzlNo3+bRdoEB1OLTwsk0vCGovJeERL83+MPdWcaKRLTZYqs876Q1rZmuIgZpnDBSLiTLqYwXYoPCgG2uQgidbWZMI9Gdzld84pZ0BihxtlqbDM3Q2X4htLi2AuOcZ2UnQiBzNr9LrIzkW3uOC3xjcIz4WBgZy9LTjWoKefnsijZgt8+/3UL4vrOdHYetQupU3aijMVt0Cy9L/zv3toO1UCYHffMMKqZBY3pa2lpWHsNQZFxiqW/oymyy8BeGeq4zgU+dJZKVCpTzWC/xgGAYY7emhsGTiRs=
Content-Type: text/plain; charset="utf-8"
Content-ID: <A85AE59C2F8C074F8FAC7E97E509561A@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2764fc57-212c-4447-52be-08d6913772f0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2019 22:14:25.6154 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2373
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-12_12:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/oBjs6b9smcXvNBGEd4RE2C-OFPE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 22:14:55 -0000

My fear/experience around this is why I'd strongly recommend doing a QUIC V2 as soon as possible where the delta from V1 -> V2 is limited to *solely* what is necessary for version negotiation. 

We can simultaneously have a V3 conversation which would  include whatever else we decide we need to change/add as a separate conversation which depends on V2.

-=R

On 2/12/19, 1:36 PM, "QUIC on behalf of Martin Thomson" <quic-bounces@ietf.org on behalf of mt@lowentropy.net> wrote:

    On Wed, Feb 13, 2019, at 08:18, Martin Duke wrote:
    > 1) Version. I can't think of any immediate negative consequences for a
    > middlebox that drops any long header with a version > 1. TLS 1.3 had to
    > surrender to this problem by hiding the version elsewhere.
    > 
    > We might avoid this by routinely coalescing long headers with random
    > version fields to connection-critical packets. Beyond that, I'm out of
    > great ideas. If we don't have a robust defense against this, we ought to
    > put some thought into how to deploy a v2 if the version fields is
    > inoperable.
    
    As Mike points out, the Length field is version-specific, so there is no real defense here other than - as many have suggested - using the version field actively.  That means shipping another version.  In a sense, the fact that Google are still not on the same version gives us some time, but it could mean that we might want to look toward having the "add version negotiation and fallback protection" draft define a version rather than an extension.
     
    > 2) Client Transport Parameters. Initial Keys will help a little bit, but in
    > TLS1.3 CCS still sorta exists because middleboxes are inspecting packets so
    > deeply. It's not viable for v2 to have the same transport parameters; it's
    > only slightly less gross to send v2 client TPs in some later message and
    > have to send a fairly bulky "fake" set of v1 TPs in the client hello to get
    > through the network.
    
    I'm not concerned about transport parameters if the above issue is fixed.  TLS had no real issues with extensions, and it looks like we already have the start of a pipeline of extensions coming.  v2 can share the transport parameter extension, unless we decide to change the format in a non-compatible way.
    
    (Note: CCS in TLS 1.3 only exists because middleboxes were inspecting a lot, yes, but it also indicates that they weren't inspecting enough, because the compatibility hack we have wouldn't work if they did a proper job.)

v2.23.0 | Report a Bug | By Email