Re: QUIC (mostly) on top of OpenSSL without patches
Willy Tarreau <w@1wt.eu> Thu, 06 July 2023 18:14 UTC
Return-Path: <w@1wt.eu>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADD30C13AE51 for <quic@ietfa.amsl.com>; Thu, 6 Jul 2023 11:14:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p9dJ1koLXne7 for <quic@ietfa.amsl.com>; Thu, 6 Jul 2023 11:14:07 -0700 (PDT)
Received: from 1wt.eu (ded1.1wt.eu [163.172.96.212]) by ietfa.amsl.com (Postfix) with ESMTP id 42619C15199F for <quic@ietf.org>; Thu, 6 Jul 2023 11:14:05 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.17.1/8.17.1/Submit) id 366IE4nB026553; Thu, 6 Jul 2023 20:14:04 +0200
Date: Thu, 06 Jul 2023 20:14:04 +0200
From: Willy Tarreau <w@1wt.eu>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
Subject: Re: QUIC (mostly) on top of OpenSSL without patches
Message-ID: <ZKcEbBD6a94wdQGm@1wt.eu>
References: <ZKaSGYjiOYECx+g1@1wt.eu> <CACsn0ck8_obi0azab=jNOfT6HyjnzCRbwj1uc4QUP4bGGN4+ag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0ck8_obi0azab=jNOfT6HyjnzCRbwj1uc4QUP4bGGN4+ag@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/zur-ripWUGsbllG5UxZHUpUpWyM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jul 2023 18:14:08 -0000
Hi, On Thu, Jul 06, 2023 at 08:49:49AM -0700, Watson Ladd wrote: > I think this patch is bad for the ecosystem. We're essentially saying > there is no alternative to OpenSSL and capitulating to bad > stewardship, and further deepening the dependency. This means the > Foundation doesn't have to listen to the community and lets them make > choices that deepen that dependency. That's in part why I wanted to open a discussion about this. I think I have never hidden my feelings about how the things are "managed" overthere, where users needs and contributors work are totally ignored without even justifications. We're talking to robots. > Instead I'd like to have seen > more energy go into using forks that carry the QUIC patches we want, We do actively use and encourage to use QuicTLS, we've even documented how to use it and some of our users have been using this for a year now. We've also worked closely with the wolfSSL team to make sure their product works well with haproxy in order to provide an alternate solution and are still working with them and linux distros to see how to make it adoptable in a correct state for a few projects. But an opensource ecosystem doesn't evolve from a few isolated users' intents and actions only, especially with security components which experience a lot of resistance to change by definition. At our level we're doing a lot to present alternatives to our users and to try to make new ones emerge, but I'm well aware that it will not be sufficient. In the mean time the situation remains the same, the vast majority of our users cannot use QUIC because they do not have the skills, the time, the willingness to rebuild their own libs and watch for security alerts to update them in time. That's exactly where I think the patch can help. Am I happy with it ? Not at all, for me it's a collective failure for not having managed to convince the OpenSSL team to listen to us. And believe me, offering them this present like this irritates me to a point you don't imagine. But there are also our users at the end of the chain, and once a technical solution is on the table, it wouldn't be fair to keep them hostage just for the sake of repeating "no it cannot work with openssl, change your lib". > and a long term goal of replacing OpenSSL with a more modern, well > designed solution. OpenSSL 3.0's modularity is welcome, but they > managed to make the wrong choices in so many places, when the right > ones were there for the taking. Put it simply, for a number of our users it's simply not usable *at all* due to the extreme performance regressions coming with this unneeded modularity. So a number of users will stick to LTS distros that continue to maintain 1.1.1 past its EOL because they cannot afford to multiply their number of servers by 10. I know that Rich and Nick are watching the performance regressions closely as well because that obviously also affects QuicTLS 3.0, but a huge effort is needed on this area to undo a lot of the stuff that was done between 1.1.1 and 3.0.0. The OpenSSL project really seems to be in a dead end for me, it's incompatible with QUIC and unfixable performance-wise. So yes, alternatives are needed, but alternatives will still take many years to come and during this time a lot of users not concerned by performance cannot test QUIC at all. This also means that it limits the exposure of our various implementations and that interoperability issues will continue to come slowly. > Ultimately this is between application developers, operating systems > (who decide what libraries will be system ones), Even operating systems don't completely decide on their own. They need some assurance that upstream will be maintained long enough and will help them in case of trouble. That's not always granted with all libs, and reduces their available choice. > the US government > (whose FIPS process is part of the reason OS's make the decisions they > do), If at the end of the day the US is the only country in the world having to continue to bear openssl for eating their own dog food while the rest of the world has already turned that page, it's likely that something will change, either FIPS arriving in alternatives, the govt revisiting their requirements based on technical advice this time, or openssl restarting from an old working version and merging QUIC. So I'm not concerned with that one at all. > and the makers of alternatives. Finally there's the question of > should we be writing C taking things from the network in the year > 2023. This is totally off-topic, I don't want to enter the language rants of "should you trust the developer or the compiler", especially given that virtually every network component that participates to our present discussion is written using this language and has participated to grow the internet to what it is now. The whole problem OpenSSL is suffering from is absolutely not technical nor related to a language, but purely organisational: some people apparently decide by voting in committee of major changes (and rejections) with zero consideration for their users' needs, and unsurprisingly it causes a huge havoc because these users are essentially left with no choice at all at some point. I'm well aware of the lack of consideration for this approach within the IETF, I used to have it written on one t-shirt for many years :-) So to wrap up, yes I'm well aware that going into that direction that consists in offering a subset of QUIC based on OpenSSL, we're partially giving up the battle on the OpenSSL front and that does not please me at all. But as a compensation it can participate to expose QUIC a lot more, and this trade-off seems positive to me. The remaining question for this WG is whether we think that this limited QUIC implementation can hurt QUIC more than it would help it (and note that NGINX already uses it, I don't know with which success BTW). I tend to think it would help more but I may be biased and that's why I'm collecting advices and opinions. Thanks! Willy
- QUIC (mostly) on top of OpenSSL without patches Willy Tarreau
- Re: QUIC (mostly) on top of OpenSSL without patch… Watson Ladd
- Re: QUIC (mostly) on top of OpenSSL without patch… Ryan Hamilton
- Re: QUIC (mostly) on top of OpenSSL without patch… Ted Hardie
- Re: QUIC (mostly) on top of OpenSSL without patch… Willy Tarreau
- Re: QUIC (mostly) on top of OpenSSL without patch… Willy Tarreau
- Re: QUIC (mostly) on top of OpenSSL without patch… Sergey Kandaurov
- Re: QUIC (mostly) on top of OpenSSL without patch… Willy Tarreau