RE: Clarification of transport and HTTP version compatibility

Mike Bishop <> Thu, 10 May 2018 18:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0F11312D963 for <>; Thu, 10 May 2018 11:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id obnAs800V0qL for <>; Thu, 10 May 2018 11:28:19 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fe49::721]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 32D9212D88D for <>; Thu, 10 May 2018 11:28:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-evequefou-be; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Y7eMJ8bgQEjB5OGj4NRsx2Qz5juCjRYjLKYqcgEpJDI=; b=C7dhq9BslNvVgd3aIg/oMeUFuY4rSv4u9fbrDSRsT/YAEugpKLmi6R2z4zYAYUT8WnVQaFDtfoi96RSryYtRK9TDIu9iRzJW/AK9yNhbDFyn8DXc3rzsVfgviYX57Yg/uDfHkficA6KfQU7oTZGFg1hxf1hPkcFGbaWZ++h4fu4=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.735.17; Thu, 10 May 2018 18:28:15 +0000
Received: from ([fe80::3c18:f60d:11c1:143d]) by ([fe80::3c18:f60d:11c1:143d%13]) with mapi id 15.20.0735.021; Thu, 10 May 2018 18:28:15 +0000
From: Mike Bishop <>
To: Lucas Pardue <>, Sam Hurst-RD <>, IETF QUIC WG <>
Subject: RE: Clarification of transport and HTTP version compatibility
Thread-Topic: Clarification of transport and HTTP version compatibility
Date: Thu, 10 May 2018 18:28:15 +0000
Message-ID: <>
References: <>, <> <7CF7F94CB496BF4FAB1676F375F9666A3BB2B67C@bgb01xud1012>, <> <7CF7F94CB496BF4FAB1676F375F9666A3BB2B6A9@bgb01xud1012>, <> <7CF7F94CB496BF4FAB1676F375F9666A3BB2B6BE@bgb01xud1012>
In-Reply-To: <7CF7F94CB496BF4FAB1676F375F9666A3BB2B6BE@bgb01xud1012>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: [2001:4878:8103:102:100::308]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN1PR08MB1983; 7:s0OkbVJvUt8k8g5PTIPf5WAskiGdwy8vUk13sdVTTXCKozoZeypAU8VA8qmFH8gy3Dr4Up/7Jf/8rqDWPVuuuRXvGPL1VCqJ6AuOnDQmOCfVCjV/PZa6JCCEIzkMPwmtfM2A88YUTMKu9nom1LJQFTk8PBeXqrKOR8gogRx4mjw5qkSvvjSPuXHHPiYgGXRIQWr+PwDy1ByGjDoRWgs8O1DF4aZ0eVJ6DqEN96Iq7Bu4E1/bag+KWFNzu0DNk2Kp
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(5600026)(2017052603328)(7153060)(7193020); SRVR:SN1PR08MB1983;
x-ms-traffictypediagnostic: SN1PR08MB1983:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(158342451672863)(204407124797145)(127952516941037);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231254)(944501410)(52105095)(149027)(150027)(6041310)(2016111802025)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(6043046)(201708071742011); SRVR:SN1PR08MB1983; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1983;
x-forefront-prvs: 066898046A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39830400003)(366004)(39380400002)(346002)(376002)(53754006)(13464003)(189003)(199004)(25786009)(305945005)(3280700002)(55016002)(186003)(33656002)(8676002)(2906002)(9686003)(6306002)(11346002)(97736004)(5250100002)(93886005)(53936002)(53386004)(476003)(316002)(99286004)(2900100001)(486006)(86362001)(7736002)(5890100001)(6116002)(3660700001)(110136005)(8936002)(6246003)(478600001)(53546011)(446003)(106356001)(59450400001)(105586002)(6506007)(6436002)(81166006)(14454004)(81156014)(102836004)(76176011)(74316002)(68736007)(7696005)(5660300001)(229853002)(46003)(74482002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR08MB1983;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: jhyVG4iNAYbnGPfRHSJbc5Kkvl8wuN+f3eqAtgsylNTSAKrfSusZcZJJkNLt70zJTziGlZ0BzmThZVNAnOGt/CXh/4y5XnSBeYhQ9yRZZQz3HHzT8oY9MrEhshkl/aztYtd1WFjUMMjSlRUecm6yNuBHpOnlr2A005WJFC+I3oEQinnKNcVDIwB13gVGcikH
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 603f58f9-c183-4958-648c-08d5b6a3cbca
X-MS-Exchange-CrossTenant-Network-Message-Id: 603f58f9-c183-4958-648c-08d5b6a3cbca
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 18:28:15.4006 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR08MB1983
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 May 2018 18:28:22 -0000

Interesting.  I don't believe I've ever seen an implementation actually do that.  If none of the client's proffered protocols are supported, they pretend not to support ALPN and don't include the extension in the ServerHello.  (Though obviously I haven't attempted to test this much.)

-----Original Message-----
From: Lucas Pardue [] 
Sent: Wednesday, May 9, 2018 4:24 PM
To: Mike Bishop <>; Sam Hurst-RD <>; IETF QUIC WG <>
Subject: RE: Clarification of transport and HTTP version compatibility

Thanks for that explanation Mike, it makes more sense now. 

> It should be implied, but might be worth explicitly stating, that failure to agree on an ALPN is incompatible with all QUIC versions, always fatal.

I don't know if it needs explicit statement. RFC 7301 section 3.2 states that "In the event that the server supports no  protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert."


-----Original Message-----
From: Lucas Pardue []
Sent: Wednesday, May 9, 2018 2:43 PM
To: Mike Bishop <>; Sam Hurst-RD <>; IETF QUIC WG <>
Subject: RE: Clarification of transport and HTTP version compatibility

I've not terribly familiar with the transport negotiation aspects, so I'm probably missing something sorry.

I guess what is not clear to me is the question, who is responsible for ensuring a sane answer is negotiated? (I suspect no one). It gets more annoying if the client is acting on information provided to it via Alt-Svc, which is quite liberal to from the sender perspective (there are some rules for the client defined in HTTP/QUIC 2.1.1.).

How I read things in the simple case was:

1) Transport version negotiation takes place and client chooses a version. Cryptographic handshake is next.
2) Client intitiates TLS 1.3 handshake with version info for revalidation, plus ALPN list of what it believes are application protocols that are compatible with the chosen version of QUIC.
   a) POSSIBILITY 1 in a pathological case it always sends the same list regardless of version.
3) Server selects an application protocol it believes is compatible with the chosen version of QUIC.
  b) POSSIBILITY 2 naive implementations just assume "hq" works for everything.
4) Client sends something the server is unhappy with and the connection bombs with a protocol error.

From: Mike Bishop []
Sent: 09 May 2018 22:01
To: Lucas Pardue; Sam Hurst-RD; IETF QUIC WG
Subject: RE: Clarification of transport and HTTP version compatibility

They *shouldn't* be unanticipated protocol errors, because both are negotiated.  I would expect (or at least hope) that these will manifest as negotiation failures at worst.

-----Original Message-----
From: Lucas Pardue []
Sent: Wednesday, May 9, 2018 11:04 AM
To: Mike Bishop <>; Sam Hurst-RD <>; IETF QUIC WG <>
Subject: RE: Clarification of transport and HTTP version compatibility

I think this all works fine in the current stage of specification.

Longer term, what is the failure case for interoperability where different implementations have  different rules for how to combine QUIC version and HTTP/QUIC version. Protocol error due to reception of unanticipated packets and or HTTP/QUIC frames?

From: QUIC [] on behalf of Mike Bishop []
Sent: 09 May 2018 18:18
To: Sam Hurst-RD; IETF QUIC WG
Subject: RE: Clarification of transport and HTTP version compatibility

There's no firm restriction, no.  While I find it likely that draft deployments will choose to keep matching versions, the only restriction that the HTTP draft currently imposes is that it be a version of QUIC which uses TLS as the handshake protocol.

-----Original Message-----
From: QUIC <> On Behalf Of Samuel Hurst
Sent: Wednesday, May 9, 2018 9:05 AM
Subject: Clarification of transport and HTTP version compatibility

Hi all,

Does the quic-transport version and the HTTP mapping version have to match? For example, could you negotiate QUIC draft-11, but the HTTP side is still using an older version (such as draft-09 to avoid the requirement of QPACK)?

As far as I understand it, the QUIC transport version is negotiated as part of the TransportParams in the appropriate TLS extension, and the HTTP mapping version is negotiated by ALPN. So in the example above, would it be acceptable to negotiate 0xff00000a as the transport protocol version, and then have an ALPN string of "hq-09"?

I'm then assuming that a valid Alt-Svc header for my example could be as

Alt-Svc: hq-09=":4443";quic="ff00000a"

The quic-tls draft mentions in Section 9.1 "The application-layer protocol MAY restrict the QUIC version that it can operate over", but none of the quic-http drafts that I've read list any such restriction.
Therefore, I'm then further assuming that it's safe to run whatever version of the HTTP mapping I like, unless there's a compatibility matrix between the various specs that I'm missing?

Best Regards,

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.