IETF Logo Mail Archive

QUIC ossification

Martin Duke <martin.h.duke@gmail.com> Tue, 12 February 2019 21:19 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFDFD128B36 for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 13:19:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e75nCJGKlUjO for <quic@ietfa.amsl.com>; Tue, 12 Feb 2019 13:19:10 -0800 (PST)
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8737124BF6 for <quic@ietf.org>; Tue, 12 Feb 2019 13:19:09 -0800 (PST)
Received: by mail-wr1-x42d.google.com with SMTP id t18so167595wrx.2 for <quic@ietf.org>; Tue, 12 Feb 2019 13:19:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Zpnpj7BxI7egv/KAQG6eLLZXh5ZzlXFCexDC/d/G3Xc=; b=Izfb9yIXyKPpbWM3gNhWibX2Qa9aZeVgzCrI1ysmtzPDJ1sX/xJrZlgoT5ldPTofNn 5TOgRGIT260EVdZmRZnGEBHs5fGhfGjIOpKoC5ozcwcDF1JQwPIj0Ae0rDxhtmil6V+e pvddfqfZjcXuMFc0eTYtoYU0CJYxAYWBCY8YEOuajr7lL1ZtrXEfsbLItZU2nxCX3VWx uza2qwj1dE8fmqC0j4GfjQFZ1kq+24mDUQHS6z+PPL+GkG4nuBY9EmJpwNxG1oFDzxUN m6aYRJ+9+fHgbd90xswVF4jGWA8XdHbBeJVbfMBAoeRxJRZErFpMC55dH5YymRPPjYuK r0vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Zpnpj7BxI7egv/KAQG6eLLZXh5ZzlXFCexDC/d/G3Xc=; b=OSUyWeWzc4/2IYueYhvFf6EZ199xw8tzGNxum1nD7HkQ1jY9y4Lhj4UBNuEqkOkCm8 85ZhIBsNZCD2JDKDF+bBmZvIo0M8Rw2yTY17rfCtWZA4KXuqjz10z3G9ZspbsdsrgYj3 XDRb/m01OJ5Es+nu9apqfpBpcliHyYYCTcAEgyH90C6oPvcGtCIMYgWryVJlFb3Ki2KS lS/lSRmDMS+S7P/cEP1j8RCJYDj5P4EM9mVLOOdPXbfRpqGFiF5iHWfJDkcrh4CzEjA3 xhcv76bCVuFBhbn/5xqdj1Dxjh8y48CauJSCkvh0W6eRlBAai+KfUh/ccQAj3XkyROsQ d4hQ==
X-Gm-Message-State: AHQUAuay7JHh8oDdikzxX5lJobfhlQI11wQ2y5qhqGUupr6sfL6oORUB EqgmO1v7sPChyPxq8pcLiOJ0rw7mQ6eAcLTvUQVqeg==
X-Google-Smtp-Source: AHgI3IbNAd9BLNdkexS763wuOtt1un0Qb1P3lLe5zGVf823JxFDchD0uRmNiQqTqUB9vijFq7D5y79rhpQHjONvkPOU=
X-Received: by 2002:adf:ed0f:: with SMTP id a15mr4414655wro.249.1550006347782; Tue, 12 Feb 2019 13:19:07 -0800 (PST)
MIME-Version: 1.0
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 12 Feb 2019 13:18:55 -0800
Message-ID: <CAM4esxTm0GiXnow4Vyv0UX6kFW4U3zJgVrN_JzD31Sm6sxoYGg@mail.gmail.com>
Subject: QUIC ossification
To: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c25fa50581b8f99e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/ytjKHacss9s3i3nualU2tbU9Jco>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 21:19:12 -0000

Mark's last call for design issues led me to think about ossification
issues. We have done just about everything we can to prevent ossification.
There's a thread elsewhere about the QUIC bit, but beyond that I see two
big concerns.

1) Version. I can't think of any immediate negative consequences for a
middlebox that drops any long header with a version > 1. TLS 1.3 had to
surrender to this problem by hiding the version elsewhere.

We might avoid this by routinely coalescing long headers with random
version fields to connection-critical packets. Beyond that, I'm out of
great ideas. If we don't have a robust defense against this, we ought to
put some thought into how to deploy a v2 if the version fields is
inoperable.

2) Client Transport Parameters. Initial Keys will help a little bit, but in
TLS1.3 CCS still sorta exists because middleboxes are inspecting packets so
deeply. It's not viable for v2 to have the same transport parameters; it's
only slightly less gross to send v2 client TPs in some later message and
have to send a fairly bulky "fake" set of v1 TPs in the client hello to get
through the network.

I don't have great solutions to either of these, but I think these are
issues worth discussing given the effort we've put into blocking
ossification. If we can't adequately punish misbehaving middleboxes via
greasing-like behaviors, then we should at least have contingency plans if
the ossifiable fields do, in fact, ossify.

If this is a fruitful discussion area, I'm happy to file a github issue.

v2.23.0 | Report a Bug | By Email