< draft-ietf-quic-applicability-04.txt   draft-ietf-quic-applicability-05.txt >
Network Working Group M. Kuehlewind Network Working Group M. Kuehlewind
Internet-Draft B. Trammell Internet-Draft Ericsson
Intended status: Informational ETH Zurich Intended status: Informational B. Trammell
Expires: October 26, 2019 April 24, 2019 Expires: January 6, 2020 Google
July 05, 2019
Applicability of the QUIC Transport Protocol Applicability of the QUIC Transport Protocol
draft-ietf-quic-applicability-04 draft-ietf-quic-applicability-05
Abstract Abstract
This document discusses the applicability of the QUIC transport This document discusses the applicability of the QUIC transport
protocol, focusing on caveats impacting application protocol protocol, focusing on caveats impacting application protocol
development and deployment over QUIC. Its intended audience is development and deployment over QUIC. Its intended audience is
designers of application protocol mappings to QUIC, and implementors designers of application protocol mappings to QUIC, and implementors
of these application protocols. of these application protocols.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 26, 2019. This Internet-Draft will expire on January 6, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 13 skipping to change at page 2, line 15
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3 2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3
3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4 3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4
3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4 3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4
3.3. Session resumption versus Keep-alive . . . . . . . . . . 4 3.3. Session resumption versus Keep-alive . . . . . . . . . . 5
4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 6 4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 6 4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 7
4.2. Packetization and latency . . . . . . . . . . . . . . . . 7 4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 7
4.3. Prioritization . . . . . . . . . . . . . . . . . . . . . 7 4.3. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 7
4.4. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 8 5. Packetization and Latency . . . . . . . . . . . . . . . . . . 9
5. Port Selection . . . . . . . . . . . . . . . . . . . . . . . 9 6. Port Selection . . . . . . . . . . . . . . . . . . . . . . . 9
6. Graceful connection closure . . . . . . . . . . . . . . . . . 9 7. Connection Migration . . . . . . . . . . . . . . . . . . . . 10
7. Information exposure and the Connection ID . . . . . . . . . 9 8. Connection closure . . . . . . . . . . . . . . . . . . . . . 10
7.1. Server-Generated Connection ID . . . . . . . . . . . . . 10 9. Information exposure and the Connection ID . . . . . . . . . 11
7.2. Mitigating Timing Linkability with Connection ID 9.1. Server-Generated Connection ID . . . . . . . . . . . . . 11
Migration . . . . . . . . . . . . . . . . . . . . . . . . 10 9.2. Mitigating Timing Linkability with Connection ID
7.3. Using Server Retry for Redirection . . . . . . . . . . . 11 Migration . . . . . . . . . . . . . . . . . . . . . . . . 12
8. Use of Versions and Cryptographic Handshake . . . . . . . . . 11 9.3. Using Server Retry for Redirection . . . . . . . . . . . 12
9. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 11 10. Use of Versions and Cryptographic Handshake . . . . . . . . . 12
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 11. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 13
11. Security Considerations . . . . . . . . . . . . . . . . . . . 12 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 13 13. Security Considerations . . . . . . . . . . . . . . . . . . . 14
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 14
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 15. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
14.1. Normative References . . . . . . . . . . . . . . . . . . 13 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
14.2. Informative References . . . . . . . . . . . . . . . . . 14 16.1. Normative References . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 16.2. Informative References . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
QUIC [QUIC] is a new transport protocol currently under development QUIC [QUIC] is a new transport protocol currently under development
in the IETF quic working group, focusing on support of semantics as in the IETF quic working group, focusing on support of semantics as
needed for HTTP/2 [QUIC-HTTP] such as stream-multiplexing to avoid needed for HTTP/2 [QUIC-HTTP] such as stream-multiplexing to avoid
head-of-line blocking. Based on current deployment practices, QUIC head-of-line blocking. Based on current deployment practices, QUIC
is encapsulated in UDP. The version of QUIC that is currently under is encapsulated in UDP. The version of QUIC that is currently under
development will integrate TLS 1.3 [TLS13] to encrypt all payload development will integrate TLS 1.3 [TLS13] to encrypt all payload
data and most control information. data and most control information.
skipping to change at page 4, line 42 skipping to change at page 4, line 45
Data in the first flight sent by the client in a connection Data in the first flight sent by the client in a connection
established with 0-RTT MUST be idempotent (as specified in section established with 0-RTT MUST be idempotent (as specified in section
2.1 in [QUIC-TLS]). Applications MUST be designed, and their data 2.1 in [QUIC-TLS]). Applications MUST be designed, and their data
MUST be framed, such that multiple reception of idempotent data is MUST be framed, such that multiple reception of idempotent data is
recognized as such by the receiverApplications that cannot treat data recognized as such by the receiverApplications that cannot treat data
that may appear in a 0-RTT connection establishment as idempotent that may appear in a 0-RTT connection establishment as idempotent
MUST NOT use 0-RTT establishment. For this reason the QUIC transport MUST NOT use 0-RTT establishment. For this reason the QUIC transport
SHOULD provide an interface for the application to indicate if 0-RTT SHOULD provide an interface for the application to indicate if 0-RTT
support is in general desired or a way to indicate whether data is support is in general desired or a way to indicate whether data is
idempotent, and/or whether PFS is a hard requirement for the idempotent, whether PFS is a hard requirement for the application,
application. and/or whether rejected 0-RTT dgitata should be retransmitted or
withdrawn.
3.3. Session resumption versus Keep-alive 3.3. Session resumption versus Keep-alive
Because QUIC is encapsulated in UDP, applications using QUIC must Because QUIC is encapsulated in UDP, applications using QUIC must
deal with short idle timeouts. Deployed stateful middleboxes will deal with short idle timeouts. Deployed stateful middleboxes will
generally establish state for UDP flows on the first packet state, generally establish state for UDP flows on the first packet state,
and keep state for much shorter idle periods than for TCP. According and keep state for much shorter idle periods than for TCP. According
to a 2010 study ([Hatonen10]), UDP applications can assume that any to a 2010 study ([Hatonen10]), UDP applications can assume that any
NAT binding or other state entry will be expired after just thirty NAT binding or other state entry will be expired after just thirty
seconds of inactivity. seconds of inactivity.
skipping to change at page 6, line 26 skipping to change at page 6, line 28
inform the other end or the higher layer and eventually indicate QUIC inform the other end or the higher layer and eventually indicate QUIC
to reset the connection. QUIC, however, does not need to know which to reset the connection. QUIC, however, does not need to know which
streams are critical, and does not provide an interface to streams are critical, and does not provide an interface to
exceptional handling of any stream. There are special streams in exceptional handling of any stream. There are special streams in
QUIC that are used for control on the QUIC connection, however, these QUIC that are used for control on the QUIC connection, however, these
streams are not exposed to the application. streams are not exposed to the application.
Mapping of application data to streams is application-specific and Mapping of application data to streams is application-specific and
described for HTTP/s in [QUIC-HTTP]. In general data that can be described for HTTP/s in [QUIC-HTTP]. In general data that can be
processed independently, and therefore would suffer from head of line processed independently, and therefore would suffer from head of line
blocking, if forced to be received in order, should be transmitted blocking if forced to be received in order, should be transmitted
over different streams. If there is a logical grouping of those data over different streams. If the application requires certain data to
chunks or messages, stream can be reused, or a new stream can be be received in order, the same stream should be used for that data.
opened for each chunk/message. If a QUIC receiver has maximum If there is a logical grouping of data chunks or messages, streams
can be reused, or a new stream can be opened for each chunk/message.
If one message is mapped to a single stream, resetting the stream to
expire an unacknowledged message can be used to emulate partial
reliability on a message basis. If a QUIC receiver has maximum
allowed concurrent streams open and the sender on the other end allowed concurrent streams open and the sender on the other end
indicates that more streams are needed, it doesn't automatically lead indicates that more streams are needed, it doesn't automatically lead
to an increase of the maximum number of streams by the receiver. to an increase of the maximum number of streams by the receiver.
Therefore it can be valuable to expose maximum number of allowed, Therefore it can be valuable to expose maximum number of allowed,
currently open and currently used streams to the application to make currently open and currently used streams to the application to make
the mapping of data to streams dependent on this information. the mapping of data to streams dependent on this information.
Further, streams have a maximum number of bytes that can be sent on Further, streams have a maximum number of bytes that can be sent on
one stream. This number is high enough (2^64) that this will usually one stream. This number is high enough (2^64) that this will usually
not be reached with current applications. Applications that send not be reached with current applications. Applications that send
skipping to change at page 7, line 10 skipping to change at page 7, line 20
packet is visible to the network. Therefore stream multiplexing is packet is visible to the network. Therefore stream multiplexing is
not intended to be used for differentiating streams in terms of not intended to be used for differentiating streams in terms of
network treatment. Application traffic requiring different network network treatment. Application traffic requiring different network
treatment SHOULD therefore be carried over different five-tuples treatment SHOULD therefore be carried over different five-tuples
(i.e. multiple QUIC connections). Given QUIC's ability to send (i.e. multiple QUIC connections). Given QUIC's ability to send
application data in the first RTT of a connection (if a previous application data in the first RTT of a connection (if a previous
connection to the same host has been successfully established to connection to the same host has been successfully established to
provide the respective credentials), the cost of establishing another provide the respective credentials), the cost of establishing another
connection is extremely low. connection is extremely low.
4.2. Packetization and latency 4.2. Prioritization
QUIC provides an interface that provides multiple streams to the
application; however, the application usually cannot control how data
transmitted over one stream is mapped into frames or how those frames
are bundled into packets. By default, QUIC will try to maximally
pack packets with one or more stream data frames to minimize
bandwidth consumption and computational costs (see section 8 of
[QUIC]). If there is not enough data available to fill a packet,
QUIC may even wait for a short time, to optimize bandwidth efficiency
instead of latency. This delay can either be pre-configured or
dynamically adjusted based on the observed sending pattern of the
application. If the application requires low latency, with only
small chunks of data to send, it may be valuable to indicate to QUIC
that all data should be send out immediately. Alternatively, if the
application expects to use a specific sending pattern, it can also
provide a suggested delay to QUIC for how long to wait before bundle
frames into a packet.
4.3. Prioritization
Stream prioritization is not exposed to either the network or the Stream prioritization is not exposed to either the network or the
receiver. Prioritization is managed by the sender, and the QUIC receiver. Prioritization is managed by the sender, and the QUIC
transport should provide an interface for applications to prioritize transport should provide an interface for applications to prioritize
streams [QUIC]. Further applications can implement their own streams [QUIC]. Further applications can implement their own
prioritization scheme on top of QUIC: an application protocol that prioritization scheme on top of QUIC: an application protocol that
runs on top of QUIC can define explicit messages for signaling runs on top of QUIC can define explicit messages for signaling
priority, such as those defined for HTTP/2; it can define rules that priority, such as those defined for HTTP/2; it can define rules that
allow an endpoint to determine priority based on context; or it can allow an endpoint to determine priority based on context; or it can
provide a higher level interface and leave the determination to the provide a higher level interface and leave the determination to the
skipping to change at page 8, line 7 skipping to change at page 7, line 45
before new data, unless indicated differently by the application. before new data, unless indicated differently by the application.
Currently, QUIC only provides fully reliable stream transmission, Currently, QUIC only provides fully reliable stream transmission,
which means that prioritization of retransmissions will be beneficial which means that prioritization of retransmissions will be beneficial
in most cases, by filling in gaps and freeing up the flow control in most cases, by filling in gaps and freeing up the flow control
window. For partially reliable or unreliable streams, priority window. For partially reliable or unreliable streams, priority
scheduling of retransmissions over data of higher-priority streams scheduling of retransmissions over data of higher-priority streams
might not be desirable. For such streams, QUIC could either provide might not be desirable. For such streams, QUIC could either provide
an explicit interface to control prioritization, or derive the an explicit interface to control prioritization, or derive the
prioritization decision from the reliability level of the stream. prioritization decision from the reliability level of the stream.
4.4. Flow Control Deadlocks 4.3. Flow Control Deadlocks
Flow control provides a means of managing access to the limited Flow control provides a means of managing access to the limited
buffers endpoints have for incoming data. This mechanism limits the buffers endpoints have for incoming data. This mechanism limits the
amount of data that can be in buffers in endpoints or in transit on amount of data that can be in buffers in endpoints or in transit on
the network. However, there are several ways in which limits can the network. However, there are several ways in which limits can
produce conditions that can cause a connection to either perform produce conditions that can cause a connection to either perform
suboptimally or deadlock. suboptimally or deadlock.
Deadlocks in flow control are possible for any protocol that uses Deadlocks in flow control are possible for any protocol that uses
QUIC, though whether they become a problem depends on how QUIC, though whether they become a problem depends on how
skipping to change at page 9, line 14 skipping to change at page 9, line 5
extending flow control credit for the second stream. To reduce the extending flow control credit for the second stream. To reduce the
likelihood of deadlock for interdependent data, the sender should likelihood of deadlock for interdependent data, the sender should
ensure that dependent data is not sent until the data it depends on ensure that dependent data is not sent until the data it depends on
has been accounted for in both stream- and connection- level flow has been accounted for in both stream- and connection- level flow
control credit. control credit.
Some deadlocking scenarios might be resolved by cancelling affected Some deadlocking scenarios might be resolved by cancelling affected
streams with STOP_SENDING or RST_STREAM. Cancelling some streams streams with STOP_SENDING or RST_STREAM. Cancelling some streams
results in the connection being terminated in some protocols. results in the connection being terminated in some protocols.
5. Port Selection 5. Packetization and Latency
QUIC provides an interface that provides multiple streams to the
application; however, the application usually cannot control how data
transmitted over one stream is mapped into frames or how those frames
are bundled into packets. By default, QUIC will try to maximally
pack packets with one or more stream data frames to minimize
bandwidth consumption and computational costs (see section 8 of
[QUIC]). If there is not enough data available to fill a packet,
QUIC may even wait for a short time, to optimize bandwidth efficiency
instead of latency. This delay can either be pre-configured or
dynamically adjusted based on the observed sending pattern of the
application. If the application requires low latency, with only
small chunks of data to send, it may be valuable to indicate to QUIC
that all data should be send out immediately. Alternatively, if the
application expects to use a specific sending pattern, it can also
provide a suggested delay to QUIC for how long to wait before bundle
frames into a packet.
Similarly, an appliaction has usually no control about the length of
a QUIC packet on the wire. However, QUIC provides the ability to add
a padding frame to impact the packet size. This is mainly used by
QUIC itself in the first packet in order to ensure that the path is
capable of transferring packets of at least a certain size.
Additionally, a QUIC implementation can expose an application layer
interface to specify a certain packet size. This can either be used
by the application to force certian packet sizes in specific use
cases/networks, or ensure that all packets are equally sized to
conceal potential leakage of application layer information when the
data sent by the application are not greedy. Note the initial packet
must have a minimum size of 1200 bytes according to the QUIC
specification. A receiver of a smaller initial packet may reject
this packet in order to avoid amplification attacks.
6. Port Selection
As QUIC is a general purpose transport protocol, there are no As QUIC is a general purpose transport protocol, there are no
requirements that servers use a particular UDP port for QUIC in requirements that servers use a particular UDP port for QUIC in
general. Instead, the same port number is used as would be used for general. Instead, the same port number is used as would be used for
the same application over TCP. In the case of HTTP the expectation the same application over TCP. In the case of HTTP the expectation
is that port 443 is used, which has already been registered for "http is that port 443 is used, which has already been registered for "http
protocol over TLS/SSL". However, [QUIC-HTTP] also specifies the use protocol over TLS/SSL". However, [QUIC-HTTP] also specifies the use
of Alt-Svc for HTTP/QUIC discovery which allows the server to use and of Alt-Svc for HTTP/QUIC discovery which allows the server to use and
announce a different port number. announce a different port number.
skipping to change at page 9, line 39 skipping to change at page 10, line 15
connect" [RFC6335]. Note that the assumption that an application can connect" [RFC6335]. Note that the assumption that an application can
be identified in the network based on the port number is less true be identified in the network based on the port number is less true
today, due to encapsulation, mechanisms for dynamic port assignments today, due to encapsulation, mechanisms for dynamic port assignments
as well as NATs. as well as NATs.
However, whenever a non-standard port is used which does not enable However, whenever a non-standard port is used which does not enable
easy mapping to a registered service name, this can lead to blocking easy mapping to a registered service name, this can lead to blocking
by network elements such as firewalls that rely on the port number as by network elements such as firewalls that rely on the port number as
a first order of filtering. a first order of filtering.
6. Graceful connection closure 7. Connection Migration
[EDITOR'S NOTE: give some guidance here about the steps an QUIC supports connection migration. Even if lower-layer addresses
application should take; however this is still work in progress] (usually the 4-tuple of IP addresses and ports) changes, QUIC packets
can still be associated with an existing connection based on the
Connection ID (see also section Section 9) in the QUIC header, if
present. This supports cases where address information changes due
to e.g. NAT rebinding or change of the local interface. Currently
QUIC only supports failover cases. Only one "path" can be used at a
time, and as soon as the new path is validated all traffic will be
switched over to the next path. Of course if an endpoint decided to
not use the Connection ID in short packets (Zero-length Conn ID) for
a certain connection, migration is not supported for that direction
of the connection.
7. Information exposure and the Connection ID 8. Connection closure
QUIC connections are closed either by expiration of an idle timeout
or by an explicit indication of the application that a connection
should be closed (immediate close). While data could still be
received after the immediate close has been initiated by one endpoint
(for a limited time period), the expectation is that an immediate
close was negotiated at the application layer and therefore no
additional data is expected from both sides.
An immidate close will emit an CONNECTION_CLOSE frame. This frames
has two sets of types: one for QUIC internal problems that might lead
to connection closure, and one for closures initiated by the
application. An application using QUIC can define application-
specific error codes, e.g. see [QUIC-HTTP] section 8.1. In the case
of a grateful shut-down initiated by the application after
application layer negotiation, a NO_ERROR code is expected. Further,
the CONNECTION_CLOSE frame provides an optional reason field, that
can be used to append human-readable information to an error code.
Note that QUIC RESET_STREAM and STOP_SENDING frames provide similar
capablities. Usually application error codes are defined to be
applicabile to all three frames.
Alternatively, a QUIC connection will be silently closed by each
endpoint separately after an idle timeout. The idle timeout is
announce for each endpoint during connection established and should
be accessible by the application. If an application desires to keep
the connection open for longer than the announced timeout, it can
send keep-alives messages. See {#resumption-v-keepalive} for further
guidance.
9. Information exposure and the Connection ID
QUIC exposes some information to the network in the unencrypted part QUIC exposes some information to the network in the unencrypted part
of the header, either before the encryption context is established, of the header, either before the encryption context is established,
because the information is intended to be used by the network. QUIC because the information is intended to be used by the network. QUIC
has a long header that is used during connection establishment and has a long header that is used during connection establishment and
for other control processes, and a short header that may be used for for other control processes, and a short header that may be used for
data transmission in an established connection. While the long data transmission in an established connection. While the long
header always exposes some information (such as the version and header always exposes some information (such as the version and
Connection IDs), the short header exposes at most only a single Connection IDs), the short header exposes at most only a single
Connection ID. Connection ID.
7.1. Server-Generated Connection ID Note that the Connection ID in the short header may be omitted. This
is a per-connection configuration option; if the Connection ID is not
present, then the peer omitting the connection ID will use the same
local address for the lifetime of the connection.
9.1. Server-Generated Connection ID
QUIC supports a server-generated Connection ID, transmitted to the QUIC supports a server-generated Connection ID, transmitted to the
client during connection establishment (see Section 6.1 of [QUIC]). client during connection establishment (see Section 6.1 of [QUIC]).
Servers behind load balancers may need to change the Connection ID Servers behind load balancers may need to change the Connection ID
during the handshake, encoding the identity of the server or during the handshake, encoding the identity of the server or
information about its load balancing pool, in order to support information about its load balancing pool, in order to support
stateless load balancing. Once the server generates a Connection ID stateless load balancing. Once the server generates a Connection ID
that encodes its identity, every CDN load balancer would be able to that encodes its identity, every CDN load balancer would be able to
forward the packets to that server without retaining connection forward the packets to that server without retaining connection
state. state.
Server-generated connection IDs should seek to obscure any encoding, Server-generated connection IDs should seek to obscure any encoding,
of routing identities or any other information. Exposing the server of routing identities or any other information. Exposing the server
mapping would allow linkage of multiple IP addresses to the same host mapping would allow linkage of multiple IP addresses to the same host
if the server also supports migration. Furthermore, this opens an if the server also supports migration. Furthermore, this opens an
attack vector on specific servers or pools. attack vector on specific servers or pools.
The best way to obscure an encoding is to appear random to observers, The best way to obscure an encoding is to appear random to observers,
which is most rigorously achieved with encryption. which is most rigorously achieved with encryption.
7.2. Mitigating Timing Linkability with Connection ID Migration 9.2. Mitigating Timing Linkability with Connection ID Migration
While sufficiently robust connection ID generation schemes will While sufficiently robust connection ID generation schemes will
mitigate linkability issues, they do not provide full protection. mitigate linkability issues, they do not provide full protection.
Analysis of the lifetimes of six-tuples (source and destination Analysis of the lifetimes of six-tuples (source and destination
addresses as well as the migrated CID) may expose these links anyway. addresses as well as the migrated CID) may expose these links anyway.
In the limit where connection migration in a server pool is rare, it In the limit where connection migration in a server pool is rare, it
is trivial for an observer to associate two connection IDs. is trivial for an observer to associate two connection IDs.
Conversely, in the opposite limit where every server handles multiple Conversely, in the opposite limit where every server handles multiple
simultaneous migrations, even an exposed server mapping may be simultaneous migrations, even an exposed server mapping may be
insufficient information. insufficient information.
The most efficient mitigation for these attacks is operational, The most efficient mitigation for these attacks is operational,
either by using a load balancing architecture that loads more flows either by using a load balancing architecture that loads more flows
onto a single server-side address, by coordinating the timing of onto a single server-side address, by coordinating the timing of
migrations to attempt to increase the number of simultaneous migrations to attempt to increase the number of simultaneous
migrations at a given time, or through other means. migrations at a given time, or through other means.
7.3. Using Server Retry for Redirection 9.3. Using Server Retry for Redirection
QUIC provides a Server Retry packet that can be sent by a server in QUIC provides a Server Retry packet that can be sent by a server in
response to the Client Initial packet. The server may choose a new response to the Client Initial packet. The server may choose a new
Connection ID in that packet and the client will retry by sending Connection ID in that packet and the client will retry by sending
another Client Initial packet with the server-selected Connection ID. another Client Initial packet with the server-selected Connection ID.
This mechanism can be used to redirect a connection to a different This mechanism can be used to redirect a connection to a different
server, e.g. due to performance reasons or when servers in a server server, e.g. due to performance reasons or when servers in a server
pool are upgraded gradually, and therefore may support different pool are upgraded gradually, and therefore may support different
versions of QUIC. In this case, it is assumed that all servers versions of QUIC. In this case, it is assumed that all servers
belonging to a certain pool are served in cooperation with load belonging to a certain pool are served in cooperation with load
balancers that forward the traffic based on the Connection ID. A balancers that forward the traffic based on the Connection ID. A
server can choose the Connection ID in the Server Retry packet such server can choose the Connection ID in the Server Retry packet such
that the load balancer will redirect the next Client Initial packet that the load balancer will redirect the next Client Initial packet
to a different server in that pool. to a different server in that pool.
8. Use of Versions and Cryptographic Handshake 10. Use of Versions and Cryptographic Handshake
Versioning in QUIC may change the protocol's behavior completely, Versioning in QUIC may change the protocol's behavior completely,
except for the meaning of a few header fields that have been declared except for the meaning of a few header fields that have been declared
to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher
version number will not necessarily provide a better service, but version number will not necessarily provide a better service, but
might simply provide a different feature set. As such, an might simply provide a different feature set. As such, an
application needs to be able to select which versions of QUIC it application needs to be able to select which versions of QUIC it
wants to use. wants to use.
A new version could use an encryption scheme other than TLS 1.3 or A new version could use an encryption scheme other than TLS 1.3 or
higher. [QUIC] specifies requirements for the cryptographic higher. [QUIC] specifies requirements for the cryptographic
handshake as currently realized by TLS 1.3 and described in a handshake as currently realized by TLS 1.3 and described in a
separate specification [QUIC-TLS]. This split is performed to enable separate specification [QUIC-TLS]. This split is performed to enable
light-weight versioning with different cryptographic handshakes. light-weight versioning with different cryptographic handshakes.
9. Enabling New Versions 11. Enabling New Versions
QUIC provides integrity protection for its version negotiation QUIC provides integrity protection for its version negotiation
process. This process assumes that the set of versions that a server process. This process assumes that the set of versions that a server
supports is fixed. This complicates the process for deploying new supports is fixed. This complicates the process for deploying new
QUIC versions or disabling old versions when servers operate in QUIC versions or disabling old versions when servers operate in
clusters. clusters.
A server that rolls out a new version of QUIC can do so in three A server that rolls out a new version of QUIC can do so in three
stages. Each stage is completed across all server instances before stages. Each stage is completed across all server instances before
moving to the next stage. moving to the next stage.
skipping to change at page 12, line 40 skipping to change at page 14, line 11
The third stage completes the process by enabling validation of the The third stage completes the process by enabling validation of the
negotiation version as though the new version were disabled. negotiation version as though the new version were disabled.
The process for disabling an old version or rolling back the The process for disabling an old version or rolling back the
introduction of a new version uses the same process in reverse. introduction of a new version uses the same process in reverse.
Servers disable validation of the old version, stop sending the old Servers disable validation of the old version, stop sending the old
version in Version Negotiation packets, then the old version is no version in Version Negotiation packets, then the old version is no
longer accepted. longer accepted.
10. IANA Considerations 12. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
11. Security Considerations 13. Security Considerations
See the security considerations in [QUIC] and [QUIC-TLS]; the See the security considerations in [QUIC] and [QUIC-TLS]; the
security considerations for the underlying transport protocol are security considerations for the underlying transport protocol are
relevant for applications using QUIC, as well. relevant for applications using QUIC, as well.
Application developers should note that any fallback they use when Application developers should note that any fallback they use when
QUIC cannot be used due to network blocking of UDP SHOULD guarantee QUIC cannot be used due to network blocking of UDP SHOULD guarantee
the same security properties as QUIC; if this is not possible, the the same security properties as QUIC; if this is not possible, the
connection SHOULD fail to allow the application to explicitly handle connection SHOULD fail to allow the application to explicitly handle
fallback to a less-secure alternative. See Section 2. fallback to a less-secure alternative. See Section 2.
12. Contributors 14. Contributors
Igor Lubashev contributed text to Section 7 on server-selected Igor Lubashev contributed text to Section 9 on server-selected
Connection IDs. Connection IDs.
13. Acknowledgments 15. Acknowledgments
This work is partially supported by the European Commission under This work is partially supported by the European Commission under
Horizon 2020 grant agreement no. 688421 Measurement and Architecture Horizon 2020 grant agreement no. 688421 Measurement and Architecture
for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat
for Education, Research, and Innovation under contract no. 15.0268. for Education, Research, and Innovation under contract no. 15.0268.
This support does not imply endorsement. This support does not imply endorsement.
14. References 16. References
14.1. Normative References 16.1. Normative References
[QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed [QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
and Secure Transport", draft-ietf-quic-transport-20 (work and Secure Transport", draft-ietf-quic-transport-20 (work
in progress), April 2019. in progress), April 2019.
[QUIC-INVARIANTS] [QUIC-INVARIANTS]
Thomson, M., "Version-Independent Properties of QUIC", Thomson, M., "Version-Independent Properties of QUIC",
draft-ietf-quic-invariants-04 (work in progress), April draft-ietf-quic-invariants-04 (work in progress), April
2019. 2019.
skipping to change at page 14, line 5 skipping to change at page 15, line 24
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA) Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165, Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011, RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>. <https://www.rfc-editor.org/info/rfc6335>.
[TLS13] Thomson, M. and S. Turner, "Using TLS to Secure QUIC", [TLS13] Thomson, M. and S. Turner, "Using TLS to Secure QUIC",
draft-ietf-quic-tls-20 (work in progress), April 2019. draft-ietf-quic-tls-20 (work in progress), April 2019.
14.2. Informative References 16.2. Informative References
[Edeline16] [Edeline16]
Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and
B. Donnet, "Using UDP for Internet Transport Evolution B. Donnet, "Using UDP for Internet Transport Evolution
(arXiv preprint 1612.07816)", December 2016, (arXiv preprint 1612.07816)", December 2016,
<https://arxiv.org/abs/1612.07816>. <https://arxiv.org/abs/1612.07816>.
[Hatonen10] [Hatonen10]
Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S., Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S.,
Sarolahti, P., and M. Kojo, "An experimental study of home Sarolahti, P., and M. Kojo, "An experimental study of home
skipping to change at page 15, line 8 skipping to change at page 16, line 24
[Trammell16] [Trammell16]
Trammell, B. and M. Kuehlewind, "Internet Path Trammell, B. and M. Kuehlewind, "Internet Path
Transparency Measurements using RIPE Atlas (RIPE72 MAT Transparency Measurements using RIPE Atlas (RIPE72 MAT
presentation)", May 2016, <https://ripe72.ripe.net/wp- presentation)", May 2016, <https://ripe72.ripe.net/wp-
content/uploads/presentations/86-atlas-udpdiff.pdf>. content/uploads/presentations/86-atlas-udpdiff.pdf>.
Authors' Addresses Authors' Addresses
Mirja Kuehlewind Mirja Kuehlewind
ETH Zurich Ericsson
Gloriastrasse 35
8092 Zurich
Switzerland
Email: mirja.kuehlewind@tik.ee.ethz.ch Email: mirja.kuehlewind@ericsson.com
Brian Trammell Brian Trammell
ETH Zurich Google
Gloriastrasse 35 Gustav-Gull-Platz 1
8092 Zurich 8004 Zurich
Switzerland Switzerland
Email: ietf@trammell.ch Email: ietf@trammell.ch
 End of changes. 29 change blocks. 
80 lines changed or deleted 145 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/