draft-ietf-quic-applicability-08.txt   draft-ietf-quic-applicability-09.txt 
Network Working Group M. Kuehlewind Network Working Group M. Kuehlewind
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational B. Trammell Intended status: Informational B. Trammell
Expires: 6 May 2021 Google Expires: 26 July 2021 Google
2 November 2020 22 January 2021
Applicability of the QUIC Transport Protocol Applicability of the QUIC Transport Protocol
draft-ietf-quic-applicability-08 draft-ietf-quic-applicability-09
Abstract Abstract
This document discusses the applicability of the QUIC transport This document discusses the applicability of the QUIC transport
protocol, focusing on caveats impacting application protocol protocol, focusing on caveats impacting application protocol
development and deployment over QUIC. Its intended audience is development and deployment over QUIC. Its intended audience is
designers of application protocol mappings to QUIC, and implementors designers of application protocol mappings to QUIC, and implementors
of these application protocols. of these application protocols.
Status of This Memo Status of This Memo
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 May 2021. This Internet-Draft will expire on 26 July 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3 2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3
3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4 3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4
3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4 3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4
3.3. Session resumption versus Keep-alive . . . . . . . . . . 5 3.3. Session resumption versus Keep-alive . . . . . . . . . . 5
4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 6 4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 7
4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 8 4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 8
4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 8 4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 8
4.3. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 8 4.3. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 9
5. Packetization and Latency . . . . . . . . . . . . . . . . . . 10 5. Packetization and Latency . . . . . . . . . . . . . . . . . . 10
6. Port Selection and Application Endpoint Discovery . . . . . . 10 6. Port Selection and Application Endpoint Discovery . . . . . . 11
7. Connection Migration . . . . . . . . . . . . . . . . . . . . 11 7. Connection Migration . . . . . . . . . . . . . . . . . . . . 12
8. Connection closure . . . . . . . . . . . . . . . . . . . . . 12 8. Connection Closure . . . . . . . . . . . . . . . . . . . . . 13
9. Information exposure and the Connection ID . . . . . . . . . 13 9. Information Exposure and the Connection ID . . . . . . . . . 14
9.1. Server-Generated Connection ID . . . . . . . . . . . . . 13 9.1. Server-Generated Connection ID . . . . . . . . . . . . . 14
9.2. Mitigating Timing Linkability with Connection ID 9.2. Mitigating Timing Linkability with Connection ID
Migration . . . . . . . . . . . . . . . . . . . . . . . . 13 Migration . . . . . . . . . . . . . . . . . . . . . . . . 15
9.3. Using Server Retry for Redirection . . . . . . . . . . . 14 9.3. Using Server Retry for Redirection . . . . . . . . . . . 15
10. Use of Versions and Cryptographic Handshake . . . . . . . . . 14 10. Quality of Service (QoS) and DSCP . . . . . . . . . . . . . . 16
11. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 14 11. Use of Versions and Cryptographic Handshake . . . . . . . . . 16
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 12. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 16
13. Security Considerations . . . . . . . . . . . . . . . . . . . 16 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 16 14. Security Considerations . . . . . . . . . . . . . . . . . . . 18
15. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 15. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 16. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
16.1. Normative References . . . . . . . . . . . . . . . . . . 16 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
16.2. Informative References . . . . . . . . . . . . . . . . . 17 17.1. Normative References . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 17.2. Informative References . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
1. Introduction 1. Introduction
QUIC [QUIC] is a new transport protocol providing a number of QUIC [QUIC] is a new transport protocol providing a number of
advanced features. While initially designed for the HTTP use case, advanced features. While initially designed for the HTTP use case,
like most transports it is intended for use with a much wider variety it provides capabilities that can be used with a much wider variety
of applications. QUIC is encapsulated in UDP. The version of QUIC of applications. QUIC is encapsulated in UDP. QUIC version 1
that is currently under development will integrate TLS 1.3 [TLS13] to integrate TLS 1.3 [TLS13] to encrypt all payload data and most
encrypt all payload data and most control information. HTTP control information. HTTP operating over QUIC is known as HTTP/3.
operating over QUIC is known as HTTP/3.
This document provides guidance for application developers that want This document provides guidance for application developers that want
to use the QUIC protocol without implementing it on their own. This to use the QUIC protocol without implementing it on their own. This
includes general guidance for applications operating over HTTP/3 or includes general guidance for applications operating over HTTP/3 or
directly over QUIC. For specific guidance on how to integrate HTTP/3 directly over QUIC. For specific guidance on how to integrate HTTP/3
with QUIC, see [QUIC-HTTP]. with QUIC, see [QUIC-HTTP].
In the following sections we discuss specific caveats to QUIC's In the following sections we discuss specific caveats to QUIC's
applicability, and issues that application developers must consider applicability, and issues that application developers must consider
when using QUIC as a transport for their application. when using QUIC as a transport for their application.
1.1. Notational Conventions 2. The Necessity of Fallback
The words "MUST", "MUST NOT", "SHOULD", and "MAY" are used in this QUIC uses UDP as a substrate. This enables both userspace
document. It's not shouting; when these words are capitalized, they implementation traversal of middleboxes and NAT without requiring
have a special meaning as defined in [RFC2119]. updates.
2. The Necessity of Fallback While there is no evidence of widespread, systematic disadvantage of
UDP traffic compared to TCP in the Internet [Edeline16], somewhere
between three [Trammell16] and five [Swett16] percent of networks
simply block UDP traffic. All applications running on top of QUIC
must therefore either be prepared to accept connectivity failure on
such networks, or be engineered to fall back to some other transport
protocol. In the case of HTTP, this fallback is TLS 1.3 over TCP.
QUIC uses UDP as a substrate for userspace implementation and port An application that implements fallback needs to consider the
numbers for NAT and middlebox traversal. While there is no evidence security consequences. A fallback to TCP and TLS 1.3 exposes control
of widespread, systematic disadvantage of UDP traffic compared to TCP information to modification and manipulation in the network. Further
in the Internet [Edeline16], somewhere between three [Trammell16] and downgrades to older TLS versions might result in significantly weaker
five [Swett16] percent of networks simply block UDP traffic. All cryptographic protection. For example, the results of protocol
applications running on top of QUIC must therefore either be prepared negotiation [ALPN] only have confidentiality protection if TLS 1.3 is
to accept connectivity failure on such networks, or be engineered to used.
fall back to some other transport protocol. This fallback SHOULD
provide TLS 1.3 or equivalent cryptographic protection, if available,
in order to keep fallback from being exploited as a downgrade attack.
In the case of HTTP, this fallback is TLS 1.3 over TCP.
These applications must operate, perhaps with impaired functionality, These applications must operate, perhaps with impaired functionality,
in the absence of features provided by QUIC not present in the in the absence of features provided by QUIC not present in the
fallback protocol. For fallback to TLS over TCP, the most obvious fallback protocol. For fallback to TLS over TCP, the most obvious
difference is that TCP does not provide stream multiplexing and difference is that TCP does not provide stream multiplexing and
therefore stream multiplexing would need to be implemented in the therefore stream multiplexing would need to be implemented in the
application layer if needed. application layer if needed.
Further, TCP implementations and network paths often do not support Further, TCP implementations and network paths often do not support
the Fast Open option, which is analogous to 0-RTT session resumption. the Fast Open option, which is analogous to 0-RTT session resumption.
Even if Fast Open successfully operates end-to-end, it is limited to Even if Fast Open successfully operates end-to-end, it is limited to
a single packet of payload, unlike QUIC 0-RTT. a single packet of payload, unlike QUIC 0-RTT.
Note that there is some evidence of middleboxes blocking SYN data Note that there is some evidence of middleboxes blocking SYN data
even if TFO was successfully negotiated (see [PaaschNanog]). even if TFO was successfully negotiated (see [PaaschNanog]).
Any fallback mechanism is likely to impose a degradation of Any fallback mechanism is likely to impose a degradation of
performance; however, fallback MUST not silently violate the performance; however, fallback must not silently violate the
application's expectation of confidentiality or integrity of its application's expectation of confidentiality or integrity of its
payload data. payload data.
Moreover, while encryption (in this case TLS) is inseparably Moreover, while encryption (in this case TLS) is inseparably
integrated with QUIC, TLS negotiation over TCP can be blocked. In integrated with QUIC, TLS negotiation over TCP can be blocked. In
case it is RECOMMENDED to abort the connection, allowing the case it is RECOMMENDED to abort the connection, allowing the
application to present a suitable prompt to the user that secure application to present a suitable prompt to the user that secure
communication is unavailable. communication is unavailable.
3. Zero RTT 3. Zero RTT
QUIC provides for 0-RTT connection establishment. This presents QUIC provides for 0-RTT connection establishment. This presents
opportunities and challenges for applications using QUIC. opportunities and challenges for applications using QUIC.
3.1. Thinking in Zero RTT 3.1. Thinking in Zero RTT
A transport protocol that provides 0-RTT connection establishment to A transport protocol that provides 0-RTT connection establishment is
recently contacted servers is qualitatively different than one that qualitatively different than one that does not from the point of view
does not from the point of view of the application using it. of the application using it. Relative trade-offs between the cost of
Relative trade-offs between the cost of closing and reopening a closing and reopening a connection and trying to keep it open are
connection and trying to keep it open are different; see Section 3.3. different; see Section 3.3.
Applications must be slightly rethought in order to make best use of Applications must be slightly rethought in order to make best use of
0-RTT resumption. Most importantly, application operations must be 0-RTT resumption. Using 0-RTT requires an understanding of the
divided into idempotent and non-idempotent operations, as only implication of sending application data that might be replayed by an
idempotent operations may appear in 0-RTT packets. This implies that attacker.
the interface between the application and transport layer exposes
idempotence either explicitly or implicitly. Application protocols that use 0-RTT require a profile that describes
the types of information that can be safely sent. For HTTP, this
profile is described in [HTTP-REPLAY].
3.2. Here There Be Dragons 3.2. Here There Be Dragons
Retransmission or (malicious) replay of data contained in 0-RTT Retransmission or (malicious) replay of data contained in 0-RTT
resumption packets could cause the server side to receive two copies packets could cause the server side to receive two copies of the same
of the same data. This is further described in [HTTP-RETRY]. Data data.
sent during 0-RTT resumption also cannot benefit from perfect forward
secrecy (PFS).
Data in the first flight sent by the client in a connection
established with 0-RTT MUST be idempotent (as specified in section
2.1 in [QUIC-TLS]). Applications MUST be designed, and their data
MUST be framed, such that multiple reception of idempotent data is
recognized as such by the receiver. Applications that cannot treat
data that may appear in a 0-RTT connection establishment as
idempotent MUST NOT use 0-RTT establishment. For these reason the
QUIC transport SHOULD provide some or all of the following interfaces
to applications:
* indicate if 0-RTT support is in general desired, which implies Application data sent by the client in 0-RTT packets could be
that lack of PFS is acceptable for some data; processed more than once if it is replayed. Applications need to be
aware of what is safe to send in 0-RTT. Application protocols that
seek to enable the use of 0-RTT need a careful analysis and a
description of what can be sent in 0-RTT; see Section 5.6 of
[QUIC-TLS].
* an indication when 0RTT data for both egress and ingress, so that In some cases, it might be sufficient to limit application data sent
both sender and receiver understand the properties of the in 0-RTT to that which only causes actions at a server that are known
communication channel when the data is sent; and/or to be free of lasting effect. Initiating data retrieval or
establishing configuration are examples of actions that could be
safe. Idempotent operations - those for which repetition has the
same net effect as a single operation - might be safe. However, it
is also possible to combine individually idempotent operations into a
non-idempotent sequence of operations.
* whether rejected 0-RTT data should be retransmitted or withdrawn. Once a server accepts 0-RTT data there is no means of selectively
discarding data that is received. However, protocols can define ways
to reject individual actions that might be unsafe if replayed.
Some TLS implementations may offer replay protection, which may Some TLS implementations and deployments might be able to provide
mitigate some of these issues. partial or even complete replay protection, which could be used to
manage replay risk.
3.3. Session resumption versus Keep-alive 3.3. Session resumption versus Keep-alive
Because QUIC is encapsulated in UDP, applications using QUIC must Because QUIC is encapsulated in UDP, applications using QUIC must
deal with short network idle timeouts. Deployed stateful middleboxes deal with short network idle timeouts. Deployed stateful middleboxes
will generally establish state for UDP flows on the first packet will generally establish state for UDP flows on the first packet
state, and keep state for much shorter idle periods than for TCP. state, and keep state for much shorter idle periods than for TCP.
[RFC5382] suggests a TCP idle period of at least 124 minutes, though [RFC5382] suggests a TCP idle period of at least 124 minutes, though
there is not evidence of widespread implementation of this guideline there is not evidence of widespread implementation of this guideline
in the literature. Short network timeout for UDP, however, is well- in the literature. Short network timeout for UDP, however, is well-
documented. According to a 2010 study ([Hatonen10]), UDP documented. According to a 2010 study ([Hatonen10]), UDP
applications can assume that any NAT binding or other state entry can applications can assume that any NAT binding or other state entry can
expire after just thirty seconds of inactivity. Section 3.5 of expire after just thirty seconds of inactivity. Section 3.5 of
[RFC8085] further discusses keep-alive intervals for UDP: it requires [RFC8085] further discusses keep-alive intervals for UDP: it requires
a minimum value of 15 seconds, but recommends larger values, or a minimum value of 15 seconds, but recommends larger values, or
omitting keepalive entirely. omitting keepalive entirely.
By using a Connection ID, QUIC is designed to be robust to NAT By using a connection ID, QUIC is designed to be robust to NAT
address rebinding after a timeout. However, some QUIC connections address rebinding after a timeout. However, this only helps if one
may not be robust to rebinding because the routing infrastructure (in endpoint maintains availability at the address its peer uses, and the
particular, load balancers) uses the address/port four-tuple to peer is the one to send after the timeout occurs.
direct traffic. Furthermore, middleboxes with functions other than
address translation may still affect the path. In particular,
firewalls will often not admit server traffic for which it has not
kept state for corresponding packets from the client.
A QUIC application has three strategies to deal with this issue by Some QUIC connections may not be robust to rebinding because the
adjusting idle periods (noting that idle periods and the network idle routing infrastructure (in particular, load balancers) uses the
timeout is distinct from the connection idle timeout, defined as the address/port four-tuple to direct traffic. Furthermore, middleboxes
minimum of the idle timeout parameter in Section 10.1 of [QUIC]): with functions other than address translation could still affect the
path. In particular, firewalls will often not admit server traffic
for which it has not kept state for corresponding packets from the
client.
A QUIC application can adjust idle periods to manage the risk of
timeout (noting that idle periods and the network idle timeout is
distinct from the connection idle timeout, defined as the minimum of
the idle timeout parameter in Section 10.1 of [QUIC]), but then there
are three options:
* Ignore it, if the application-layer protocol consists only of * Ignore it, if the application-layer protocol consists only of
interactions with no or very short idle periods, or the protocol's interactions with no or very short idle periods, or the protocol's
resistance to NAT rebinding is sufficient. resistance to NAT rebinding is sufficient.
* Ensure there are no long idle periods. * Ensure there are no long idle periods.
* Resume the session after a long idle period, using 0-RTT * Resume the session after a long idle period, using 0-RTT
resumption when appropriate. resumption when appropriate.
skipping to change at page 6, line 19 skipping to change at page 6, line 34
frames as keep-alives, to prevent the connection and any on-path frames as keep-alives, to prevent the connection and any on-path
state from timing out. Recommendations for the use of keep-alives state from timing out. Recommendations for the use of keep-alives
are application specific, mainly depending on the latency are application specific, mainly depending on the latency
requirements and message frequency of the application. In this case, requirements and message frequency of the application. In this case,
the application mapping must specify whether the client or server is the application mapping must specify whether the client or server is
responsible for keeping the application alive. While [Hatonen10] responsible for keeping the application alive. While [Hatonen10]
suggests that 30 seconds might be a suitable value for the public suggests that 30 seconds might be a suitable value for the public
Internet when a NAT is on path, larger values are preferable if the Internet when a NAT is on path, larger values are preferable if the
deployment can consistently survive NAT rebinding, or is known to be deployment can consistently survive NAT rebinding, or is known to be
in a controlled environments like e.g. data centres in order to lower in a controlled environments like e.g. data centres in order to lower
network and computational load. Sending PING frames more frequently network and computational load.
than every 30 seconds over long idle periods may result in excessive
unproductive traffic in some situations, and to unacceptable power Sending PING frames more frequently than every 30 seconds over long
usage for power-constrained (mobile) devices. Additionally, time- idle periods may result in excessive unproductive traffic in some
outs shorter than 30 seconds can make it harder to handle trasient situations, and to unacceptable power usage for power-constrained
network interruptions, such as VM migration or coverage loss during (mobile) devices. Additionally, time-outs shorter than 30 seconds
mobilty. can make it harder to handle transient network interruptions, such as
VM migration or coverage loss during mobilty.
Alternatively, the client (but not the server) can use session Alternatively, the client (but not the server) can use session
resumption instead of sending keepalive traffic. In this case, a resumption instead of sending keepalive traffic. In this case, a
client that wants to send data to a server over a connection idle client that wants to send data to a server over a connection idle
longer than the server's idle timeout (available from the longer than the server's idle timeout (available from the
idle_timeout transport parameter) can simply reconnect. When idle_timeout transport parameter) can simply reconnect. When
possible, this reconnection can use 0-RTT session resumption, possible, this reconnection can use 0-RTT session resumption,
reducing the latency involved with restarting the connection. This reducing the latency involved with restarting the connection. This
of course only applies in cases in which 0-RTT data is safe, when the of course only applies in cases in which 0-RTT data is safe, when the
client is the restarting peer, and when the data to be sent is client is the restarting peer, and when the data to be sent is
idempotent. idempotent. Using resumption in this way also assumes that the
protocol does not accumulate any non-persistent state in association
with a connection. State bound to a connection cannot reliably be
transferred to a resumed connection.
The tradeoffs between resumption and keepalive need to be evaluated The tradeoffs between resumption and keepalive need to be evaluated
on a per-application basis. However, in general applications should on a per-application basis. However, in general applications should
use keepalives only in circumstances where continued communication is use keepalives only in circumstances where continued communication is
highly likely; [QUIC-HTTP], for instance, recommends using PING highly likely; [QUIC-HTTP], for instance, recommends using PING
frames for keepalive only when a request is outstanding. frames for keepalive only when a request is outstanding.
4. Use of Streams 4. Use of Streams
QUIC's stream multiplexing feature allows applications to run QUIC's stream multiplexing feature allows applications to run
multiple streams over a single connection, without head-of-line multiple streams over a single connection, without head-of-line
blocking between streams, associated at a point in time with a single blocking between streams, associated at a point in time with a single
five-tuple. Stream data is carried within Frames, where one QUIC five-tuple. Stream data is carried within Frames, where one QUIC
packet on the wire can carry one or multiple stream frames. packet on the wire can carry one or multiple stream frames.
Streams can be unidirectional or bidirectional, and a stream may be Streams can be unidirectional or bidirectional, and a stream may be
initiated either by client or server. Only the initiator of a initiated either by client or server. Only the initiator of a
unidirectional stream can send data on it. Due to offset encoding unidirectional stream can send data on it.
limitations, a stream can carry a maximum of 2^62-1 bytes in each
direction. In the presently unlikely event that this limit is Due to encoding limitations on stream offsets and connection flow
reached by an application, the stream can simply be closed and control limits, both streams and connections can carry a maximum of
replaced with a new one. 2^62-1 bytes in each direction. In the presently unlikely event that
this limit is reached by an application, a new connection would need
to be established.
Streams can be independently opened and closed, gracefully or by Streams can be independently opened and closed, gracefully or by
error. An application can gracefully close the egress direction of a error. An application can gracefully close the egress direction of a
stream by instructing QUIC to send a FIN bit in a STREAM frame. It stream by instructing QUIC to send a FIN bit in a STREAM frame. It
cannot gracefully close the ingress direction without a peer- cannot gracefully close the ingress direction without a peer-
generated FIN, much like in TCP. However, an endpoint can abruptly generated FIN, much like in TCP. However, an endpoint can abruptly
close either the ingress or egress direction; these actions are fully close the egress direction or request that its peer abruptly close
independent of each other. the ingress direction; these actions are fully independent of each
other.
If a stream that is critical for an application is closed, the QUIC does not provide an interface for exceptional handling of any
application can generate respective error messages on the application stream. If a stream that is critical for an application is closed,
layer to inform the other end and/or the higher layer, and eventually the application can generate error messages on the application layer
indicate QUIC to reset the connection. QUIC, however, does not need to inform the other end and/or the higher layer, which can eventually
to know which streams are critical, and does not provide an interface reset the QUIC connection.
for exceptional handling of any stream.
Mapping of application data to streams is application-specific and Mapping of application data to streams is application-specific and
described for HTTP/3 in [QUIC-HTTP]. In general, data that can be described for HTTP/3 in [QUIC-HTTP]. In general, data that can be
processed independently, and therefore would suffer from head of line processed independently, and therefore would suffer from head of line
blocking if forced to be received in order, should be transmitted blocking if forced to be received in order, should be transmitted
over separate streams. If the application requires certain data to over separate streams. If the application requires certain data to
be received in order, that data should be sent on the same stream. be received in order, that data should be sent on the same stream.
If there is a logical grouping of data chunks or messages, streams If there is a logical grouping of data chunks or messages, streams
can be reused, or a new stream can be opened for each chunk/message. can be reused, or a new stream can be opened for each chunk/message.
If one message is mapped to a single stream, resetting the stream to If one message is mapped to a single stream, resetting the stream to
skipping to change at page 7, line 48 skipping to change at page 8, line 19
reliability on a message basis. If a QUIC receiver has maximum reliability on a message basis. If a QUIC receiver has maximum
allowed concurrent streams open and the sender on the other end allowed concurrent streams open and the sender on the other end
indicates that more streams are needed, it doesn't automatically lead indicates that more streams are needed, it doesn't automatically lead
to an increase of the maximum number of streams by the receiver. to an increase of the maximum number of streams by the receiver.
Therefore it can be valuable to expose maximum number of allowed, Therefore it can be valuable to expose maximum number of allowed,
currently open and currently used streams to the application to make currently open and currently used streams to the application to make
the mapping of data to streams dependent on this information. the mapping of data to streams dependent on this information.
While a QUIC implementation must necessarily provide a way for an While a QUIC implementation must necessarily provide a way for an
application to send data on separate streams, it does not necessarily application to send data on separate streams, it does not necessarily
expose stream identifiers to the application (see e.g. [QUIC-HTTP] expose stream identifiers to the application (see, for example,
section 6) either at the sender or receiver end, so applications [QUIC-HTTP], Section 6) either at the sender or receiver end, so
should not assume access to these identifiers. applications should not assume access to these identifiers.
4.1. Stream versus Flow Multiplexing 4.1. Stream versus Flow Multiplexing
Streams are meaningful only to the application; since stream Streams are meaningful only to the application; since stream
information is carried inside QUIC's encryption boundary, no information is carried inside QUIC's encryption boundary, no
information about the stream(s) whose frames are carried by a given information about the stream(s) whose frames are carried by a given
packet is visible to the network. Therefore stream multiplexing is packet is visible to the network. Therefore stream multiplexing is
not intended to be used for differentiating streams in terms of not intended to be used for differentiating streams in terms of
network treatment. Application traffic requiring different network network treatment. Application traffic requiring different network
treatment SHOULD therefore be carried over different five-tuples treatment should therefore be carried over different five-tuples
(i.e. multiple QUIC connections). Given QUIC's ability to send (i.e. multiple QUIC connections). Given QUIC's ability to send
application data in the first RTT of a connection (if a previous application data in the first RTT of a connection (if a previous
connection to the same host has been successfully established to connection to the same host has been successfully established to
provide the respective credentials), the cost of establishing another provide the respective credentials), the cost of establishing another
connection is extremely low. connection is extremely low.
4.2. Prioritization 4.2. Prioritization
Stream prioritization is not exposed to either the network or the Stream prioritization is not exposed to either the network or the
receiver. Prioritization is managed by the sender, and the QUIC receiver. Prioritization is managed by the sender, and the QUIC
skipping to change at page 10, line 10 skipping to change at page 10, line 31
Some deadlocking scenarios might be resolved by cancelling affected Some deadlocking scenarios might be resolved by cancelling affected
streams with STOP_SENDING or RST_STREAM. Cancelling some streams streams with STOP_SENDING or RST_STREAM. Cancelling some streams
results in the connection being terminated in some protocols. results in the connection being terminated in some protocols.
5. Packetization and Latency 5. Packetization and Latency
QUIC provides an interface that provides multiple streams to the QUIC provides an interface that provides multiple streams to the
application; however, the application usually cannot control how data application; however, the application usually cannot control how data
transmitted over one stream is mapped into frames or how those frames transmitted over one stream is mapped into frames or how those frames
are bundled into packets. By default, QUIC will try to maximally are bundled into packets.
pack packets with one or more stream data frames to minimize
bandwidth consumption and computational costs (see section 13 of
[QUIC]). If there is not enough data available to fill a packet,
QUIC may even wait for a short time, to optimize bandwidth efficiency
instead of latency. This delay can either be pre-configured or
dynamically adjusted based on the observed sending pattern of the
application. If the application requires low latency, with only
small chunks of data to send, it may be valuable to indicate to QUIC
that all data should be send out immediately. Alternatively, if the
application expects to use a specific sending pattern, it can also
provide a suggested delay to QUIC for how long to wait before bundle
frames into a packet.
Similarly, an appliaction has usually no control about the length of By default, many QUIC implementations will try to maximally pack
a QUIC packet on the wire. However, QUIC provides the ability to add packets with one or more stream data frames to minimize bandwidth
a padding frame to impact the packet size. This is mainly used by consumption and computational costs (see section 13 of [QUIC]). If
QUIC itself in the first packet in order to ensure that the path is there is not enough data available to fill a packet, an
capable of transferring packets of at least a certain size. implementation might wait for a short time, to optimize bandwidth
Additionally, a QUIC implementation can expose an application layer efficiency instead of latency. This delay can either be pre-
interface to specify a certain packet size. This can either be used configured or dynamically adjusted based on the observed sending
by the application to force certian packet sizes in specific use pattern of the application.
cases/networks, or ensure that all packets are equally sized to
conceal potential leakage of application layer information when the If the application requires low latency, with only small chunks of
data sent by the application are not greedy. Note the initial packet data to send, it may be valuable to indicate to QUIC that all data
must have a minimum size of 1200 bytes according to the QUIC should be send out immediately. Alternatively, if the application
specification. A receiver of a smaller initial packet may reject expects to use a specific sending pattern, it can also provide a
this packet in order to avoid amplification attacks. suggested delay to QUIC for how long to wait before bundle frames
into a packet.
Similarly, an application has usually no control about the length of
a QUIC packet on the wire. QUIC provides the ability to add a
PADDING frame to arbitrarily increase the size of packets.
Padding is used by QUIC to ensure that the path is capable of
transferring datagrams of at least a certain size, both during the
handshake and for connection migration. Padding can also be used by
an application to reduce leakage of information about the data that
is sent. A QUIC implementation can expose an interface that allows
an application layer to specify how to apply padding.
6. Port Selection and Application Endpoint Discovery 6. Port Selection and Application Endpoint Discovery
In general, port numbers serves two purposes: "first, they provide a In general, port numbers serves two purposes: "first, they provide a
demultiplexing identifier to differentiate transport sessions between demultiplexing identifier to differentiate transport sessions between
the same pair of endpoints, and second, they may also identify the the same pair of endpoints, and second, they may also identify the
application protocol and associated service to which processes application protocol and associated service to which processes
connect" [RFC6335]. Note that the assumption that an application can connect" [RFC6335]. The assumption that an application can be
be identified in the network based on the port number is less true identified in the network based on the port number is less true today
today, due to encapsulation, mechanisms for dynamic port assignments due to encapsulation, mechanisms for dynamic port assignments, and
as well as NATs. NATs.
As QUIC is a general purpose transport protocol, there are no As QUIC is a general purpose transport protocol, there are no
requirements that servers use a particular UDP port for QUIC in requirements that servers use a particular UDP port for QUIC. For
general. For applications with a fallback to TCP which do not applications with a fallback to TCP that do not already have an
already have an alternate mapping to UDP, the registration (if alternate mapping to UDP, the registration (if necessary) and use of
necessary) and use of the UDP port number corresponding to the TCP the UDP port number corresponding to the TCP port already registered
port already registered for the application is RECOMMENDED. For for the application is RECOMMENDED. For example, the default port
example, the default port for HTTP/3 [QUIC-HTTP] is UDP port 443, for HTTP/3 [QUIC-HTTP] is UDP port 443, analogous to HTTP/1.1 or
analogous to HTTP/1.1 or HTTP/2 over TLS over TCP. HTTP/2 over TLS over TCP.
Applications SHOULD define an alternate endpoint discovery mechanism Applications could define an alternate endpoint discovery mechanism
to allow the usage of ports other than the default. For example, to allow the usage of ports other than the default. For example,
HTTP/3 ([QUIC-HTTP] sections 3.2 and 3.3) specifies the use of ALPN HTTP/3 ([QUIC-HTTP] Sections 3.2 and 3.3) specifies the use of ALPN
[RFC7301] for service discovery which allows the server to use and [RFC7301] for service discovery which allows the server to use and
announce a different port number. Note that HTTP/3's ALPN token announce a different port number. Note that HTTP/3's ALPN token
("h3") identifies not only the version of the application protocol, ("h3") identifies not only the version of the application protocol,
but also the binding to QUIC as well as the version of QUIC itself; but also the binding to QUIC as well as the version of QUIC itself;
this approach allows unambiguous agreement between the endpoints on this approach allows unambiguous agreement between the endpoints on
the protocol stack in use. the protocol stack in use.
Note that given the prevalence of the assumption in network Given the prevalence of the assumption in network management practice
management practice that a port number maps unambiguously to an that a port number maps unambiguously to an application, the use of
application, the use of ports that cannot easily be mapped to a ports that cannot easily be mapped to a registered service name might
registered service name may lead to blocking or other interference by lead to blocking or other interference by network elements such as
network elements such as firewalls that rely on the port number for firewalls that rely on the port number for application
application identification. identification.
7. Connection Migration 7. Connection Migration
QUIC supports connection migration by the client. If a lower-layer QUIC supports connection migration by the client. If a lower-layer
address changes, a QUIC endpoint can still associate packets with an address changes, a QUIC endpoint can still associate packets with an
existing connection based on the Connection ID (see also Section 9) existing connection using the Destination connection ID field (see
in the QUIC header, if present. This supports cases where address also Section 9) in the QUIC header, unless a zero-length value is
information changes, such as NAT rebinding, intentional change of the used. This supports cases where address information changes, such as
local interface, or based on an indication in the handshake of the NAT rebinding, intentional change of the local interface, or based on
server for a preferred address to be used. As such if the client is an indication in the handshake of the server for a preferred address
known or likely to sit behind a NAT, use of a connection ID for the to be used.
server is strongly recommended. A non-empty connection ID for the
server is also strongly recommended when migration is supported. Use of a non-empty connection ID for the server is strongly
recommended if any clients are behind a NAT or could be. A non-empty
connection ID is also strongly recommended when migration is
supported.
Currently QUIC only supports failover cases. Only one "path" can be Currently QUIC only supports failover cases. Only one "path" can be
used at a time, and only when the new path is validated all traffic used at a time, and only when the new path is validated all traffic
can be switched over to that new path. Path validation means that can be switched over to that new path. Path validation means that
the other endpoint in required to validate the new path before use in the other endpoint in required to validate the new path before use in
order to avoid address spoofing attacks. Path validation takes at order to avoid address spoofing attacks. Path validation takes at
least one RTT and congestion control will also be reset on path least one RTT and congestion control will also be reset on path
migration. Therefore migration usually has a performance impact. migration. Therefore migration usually has a performance impact.
As long as the new path is not validated only probing packets can be Probing packets, which cannot carry application data, can be sent on
sent. However, the probing packets can be used measure path multiple paths at once. Probing packets can be used to perform
characteristics as input for the switching decision or the congestion address validation, measure path characteristics as input for the
controller on the new path. switching decision, or prime the congestion controller in preparation
for switching to the new path.
Only the client can actively migrate. However, servers can indicate Only the client can actively migrate. However, servers can indicate
during the handshake that they prefer to transfer the connection to a during the handshake that they prefer to transfer the connection to a
different address after the handshake, e.g. to move from an address different address after the handshake. For instance, this could be
that is shared by multiple servers to an address that is unique to used to move from an address that is shared by multiple servers to an
the server instance. The server can provide an IPv4 and an IPv6 address that is unique to the server instance. The server can
address in a transport parameter during the TLS handshake and the provide an IPv4 and an IPv6 address in a transport parameter during
client can select between the two if both are provided. See also the TLS handshake and the client can select between the two if both
Section 9.6 of [QUIC]. are provided. See also Section 9.6 of [QUIC].
8. Connection closure 8. Connection Closure
QUIC connections are closed either by expiration of an idle timeout, QUIC connections are closed either by expiration of an idle timeout,
as determined by transport parameters, or by an explicit indication as determined by transport parameters, or by an explicit indication
of the application that a connection should be closed (immediate of the application that a connection should be closed (immediate
close). While data could still be received after the immediate close close). While data could still be received after the immediate close
has been initiated by one endpoint (for a limited time period), the has been initiated by one endpoint (for a limited time period), the
expectation is that an immediate close was negotiated at the expectation is that an immediate close was negotiated at the
application layer and therefore no additional data is expected from application layer and therefore no additional data is expected from
both sides. both sides.
An immidate close will emit an CONNECTION_CLOSE frame. This frames An immediate close will emit an CONNECTION_CLOSE frame. This frames
has two sets of types: one for QUIC internal problems that might lead has two sets of types: one for QUIC internal problems that might lead
to connection closure, and one for closures initiated by the to connection closure, and one for closures initiated by the
application. An application using QUIC can define application- application. An application using QUIC can define application-
specific error codes, e.g. see [QUIC-HTTP] section 8.1. In the case specific error codes (see, for example, [QUIC-HTTP], Section 8.1).
of a grateful shut-down initiated by the application after
application layer negotiation, a NO_ERROR code is expected. Further, The CONNECTION_CLOSE frame provides an optional reason field, that
the CONNECTION_CLOSE frame provides an optional reason field, that
can be used to append human-readable information to an error code. can be used to append human-readable information to an error code.
Note that QUIC RESET_STREAM and STOP_SENDING frames provide similar Note that QUIC RESET_STREAM and STOP_SENDING frames also include an
capablities. Usually application error codes are defined to be error code, but no reason string. Application error codes are
applicabile to all three frames. expected to be defined from a single space that applies to all three
frame types.
Alternatively, a QUIC connection can be silently closed by each Alternatively, a QUIC connection can be silently closed by each
endpoint separately after an idle timeout. If enabled as indicated endpoint separately after an idle timeout. If enabled as indicated
by a transport parameter in the handshake, the idle timeout is by a transport parameter in the handshake, the idle timeout is
announced for each endpoint during connection establishment and the announced for each endpoint during connection establishment and the
effective value for this connection is the minimum of the two effective value for this connection is the minimum of the two values
advertised values. An application therefore should be able to advertised by client and server. An application therefore should be
configure its own maximum value as well as have access to the able to configure its own maximum value as well as have access to the
computed minimum value for this connection. An application may computed minimum value for this connection. An application may
adjust the maximum idle timeout based on the number of open or adjust the maximum idle timeout based on the number of open or
expected connections as shorter timeout values may free-up memory expected connections as shorter timeout values may free-up memory
more quickly. If an application desires to keep the connection open more quickly.
for longer than the announced timeout, it can send keep-alives
messages, or a QUIC implementation may provide an option to defer the
time-out to avoid unnecessary load, as specified in Section 10.2.2 of
[QUIC]. See Section 3.3 for further guidance on keep-alives.
9. Information exposure and the Connection ID If an application desires to keep the connection open for longer than
the announced timeout, it can send keep-alive messages, or a QUIC
implementation may provide an option to defer the time-out to avoid
unnecessary load, as specified in Section 10.1.2 of [QUIC]. See
Section 3.3 for further guidance on keep-alives.
9. Information Exposure and the Connection ID
QUIC exposes some information to the network in the unencrypted part QUIC exposes some information to the network in the unencrypted part
of the header, either before the encryption context is established, of the header, either before the encryption context is established,
because the information is intended to be used by the network. QUIC because the information is intended to be used by the network. QUIC
has a long header that is used during connection establishment and has a long header that is used during connection establishment and
for other control processes, and a short header that may be used for for other control processes, and a short header that may be used for
data transmission in an established connection. While the long data transmission in an established connection. While the long
header always exposes some information (such as the version and header always exposes some information (such as the version and
Connection IDs), the short header exposes at most only a single connection IDs), the short header exposes at most only a single
Connection ID. connection ID.
Note that the Connection ID in the short header may be omitted. This Aside from the destination connection ID field of the first packets
is a per-connection configuration option; if the Connection ID is not sent by clients, the connection ID can be zero length. This is a
present, then the peer omitting the connection ID needs to use the choice that is made by each endpoint individually.
same local address for the lifetime of the connection and connection
migration is not supported for that direction of the connection. An endpoint that selects a zero-length connection ID will receive
packets with a zero-length destination connection ID. The endpoint
needs to use other information, such as its IP address and port
number to identify which connection is referred to. An endpoint can
choose to use the source IP address and port on datagrams, but this
could mean that the endpoint is unable to match datagrams to
connections successfully if these values change, making migration
effectively impossible.
9.1. Server-Generated Connection ID 9.1. Server-Generated Connection ID
QUIC supports a server-generated Connection ID, transmitted to the QUIC supports a server-generated connection ID, transmitted to the
client during connection establishment (see Section 6.1 of [QUIC]). client during connection establishment (see Section 7.2 of [QUIC]).
Servers behind load balancers may need to change the Connection ID Servers behind load balancers may need to change the connection ID
during the handshake, encoding the identity of the server or during the handshake, encoding the identity of the server or
information about its load balancing pool, in order to support information about its load balancing pool, in order to support
stateless load balancing. Once the server generates a Connection ID stateless load balancing.
that encodes its identity, every CDN load balancer would be able to
forward the packets to that server without retaining connection Server deployments with load balancers and other routing
state. infrastructure need to ensure that this infrastructure consistently
routes packets to the correct server instance. This might require
coordination between servers and infrastructure. One method of
achieving this involves encoding routing information into the
connection ID. This ensures that there is no need to for servers and
infrastructure to coordinate routing information for each connection.
See further [QUIC-LB].
9.2. Mitigating Timing Linkability with Connection ID Migration 9.2. Mitigating Timing Linkability with Connection ID Migration
QUIC requires that endpoints generate fresh connection IDs for use on
new network paths. Choosing values that are unlinkable to an outside
observer ensures that activity on different paths cannot be trivially
correlated using the connection ID.
While sufficiently robust connection ID generation schemes will While sufficiently robust connection ID generation schemes will
mitigate linkability issues, they do not provide full protection. mitigate linkability issues, they do not provide full protection.
Analysis of the lifetimes of six-tuples (source and destination Analysis of the lifetimes of six-tuples (source and destination
addresses as well as the migrated CID) may expose these links anyway. addresses as well as the migrated CID) may expose these links anyway.
In the limit where connection migration in a server pool is rare, it In the limit where connection migration in a server pool is rare, it
is trivial for an observer to associate two connection IDs. is trivial for an observer to associate two connection IDs.
Conversely, in the opposite limit where every server handles multiple Conversely, in the opposite limit where every server handles multiple
simultaneous migrations, even an exposed server mapping may be simultaneous migrations, even an exposed server mapping may be
insufficient information. insufficient information.
skipping to change at page 14, line 9 skipping to change at page 15, line 33
The most efficient mitigation for these attacks is operational, The most efficient mitigation for these attacks is operational,
either by using a load balancing architecture that loads more flows either by using a load balancing architecture that loads more flows
onto a single server-side address, by coordinating the timing of onto a single server-side address, by coordinating the timing of
migrations to attempt to increase the number of simultaneous migrations to attempt to increase the number of simultaneous
migrations at a given time, or through other means. migrations at a given time, or through other means.
9.3. Using Server Retry for Redirection 9.3. Using Server Retry for Redirection
QUIC provides a Server Retry packet that can be sent by a server in QUIC provides a Server Retry packet that can be sent by a server in
response to the Client Initial packet. The server may choose a new response to the Client Initial packet. The server may choose a new
Connection ID in that packet and the client will retry by sending connection ID in that packet and the client will retry by sending
another Client Initial packet with the server-selected Connection ID. another Client Initial packet with the server-selected connection ID.
This mechanism can be used to redirect a connection to a different This mechanism can be used to redirect a connection to a different
server, e.g. due to performance reasons or when servers in a server server, e.g. due to performance reasons or when servers in a server
pool are upgraded gradually, and therefore may support different pool are upgraded gradually, and therefore may support different
versions of QUIC. In this case, it is assumed that all servers versions of QUIC. In this case, it is assumed that all servers
belonging to a certain pool are served in cooperation with load belonging to a certain pool are served in cooperation with load
balancers that forward the traffic based on the Connection ID. A balancers that forward the traffic based on the connection ID. A
server can choose the Connection ID in the Server Retry packet such server can choose the connection ID in the Server Retry packet such
that the load balancer will redirect the next Client Initial packet that the load balancer will redirect the next Client Initial packet
to a different server in that pool. Alternatively the load balancer to a different server in that pool. Alternatively the load balancer
can directly offer a Retry services as further described in can directly offer a Retry services as further described in
[QUIC-LB]. [QUIC-LB].
[RFC5077] Section 4 describes an example approach for constructing [RFC5077] Section 4 describes an example approach for constructing
TLS resumption tickets that can be also applied for validation TLS resumption tickets that can be also applied for validation
tokens, however, the use of more modern cryptographic algorithms is tokens, however, the use of more modern cryptographic algorithms is
highly recommended. highly recommended.
10. Use of Versions and Cryptographic Handshake 10. Quality of Service (QoS) and DSCP
QUIC assumes that all packets of a QUIC connection or at least with
the same 5-tuple {dest addr, source addr, protocol, dest port, source
port} will receive similar network treatment as feedback about loss
or delay of each packet is used as input to the congestion
controller. Therefore it is not recommended to use different
DiffServ Code Points (DSCPs) [RFC2475] for packets belonging to the
same connection. If differential network treatment, e.g. by the use
of different DSCPs, is desired, multiple QUIC connections to the same
server may be used. However, in general it is recommended to
minimize the number of QUIC connections to the same server, to avoid
increased overheads and, more importantly, competing congestion
control.
11. Use of Versions and Cryptographic Handshake
Versioning in QUIC may change the protocol's behavior completely, Versioning in QUIC may change the protocol's behavior completely,
except for the meaning of a few header fields that have been declared except for the meaning of a few header fields that have been declared
to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher
version number will not necessarily provide a better service, but version number will not necessarily provide a better service, but
might simply provide a different feature set. As such, an might simply provide a different feature set. As such, an
application needs to be able to select which versions of QUIC it application needs to be able to select which versions of QUIC it
wants to use. wants to use.
A new version could use an encryption scheme other than TLS 1.3 or A new version could use an encryption scheme other than TLS 1.3 or
higher. [QUIC] specifies requirements for the cryptographic higher. [QUIC] specifies requirements for the cryptographic
handshake as currently realized by TLS 1.3 and described in a handshake as currently realized by TLS 1.3 and described in a
separate specification [QUIC-TLS]. This split is performed to enable separate specification [QUIC-TLS]. This split is performed to enable
light-weight versioning with different cryptographic handshakes. light-weight versioning with different cryptographic handshakes.
11. Enabling New Versions 12. Enabling New Versions
QUIC provides integrity protection for its version negotiation QUIC provides integrity protection for its version negotiation
process. This process assumes that the set of versions that a server process. This process assumes that the set of versions that a server
supports is fixed. This complicates the process for deploying new supports is fixed. This complicates the process for deploying new
QUIC versions or disabling old versions when servers operate in QUIC versions or disabling old versions when servers operate in
clusters. clusters.
A server that rolls out a new version of QUIC can do so in three A server that rolls out a new version of QUIC can do so in three
stages. Each stage is completed across all server instances before stages. Each stage is completed across all server instances before
moving to the next stage. moving to the next stage.
skipping to change at page 15, line 40 skipping to change at page 17, line 36
are able accept new connections with the new version. At this point, are able accept new connections with the new version. At this point,
all servers can start sending the new version in Version Negotiation all servers can start sending the new version in Version Negotiation
packets. packets.
During the second stage, the server still allows for the possibility During the second stage, the server still allows for the possibility
that some clients believe the new version to be available and some do that some clients believe the new version to be available and some do
not. This state will persist only for as long as any Version not. This state will persist only for as long as any Version
Negotiation packets take to be transmitted and responded to. So the Negotiation packets take to be transmitted and responded to. So the
third stage can follow after a relatively short delay. third stage can follow after a relatively short delay.
The third stage completes the process by enabling validation of the The third stage completes the process by enabling authentication of
negotiation version as though the new version were disabled. the negotiated version with the assumption that the new version is
fully available.
The process for disabling an old version or rolling back the The process for disabling an old version or rolling back the
introduction of a new version uses the same process in reverse. introduction of a new version uses the same process in reverse.
Servers disable validation of the old version, stop sending the old Servers disable validation of the old version, stop sending the old
version in Version Negotiation packets, then the old version is no version in Version Negotiation packets, then the old version is no
longer accepted. longer accepted.
12. IANA Considerations 13. IANA Considerations
This document has no actions for IANA; however, note that Section 6 This document has no actions for IANA; however, note that Section 6
recommends that application bindings to QUIC for applications using recommends that application bindings to QUIC for applications using
TCP register UDP ports analogous to their existing TCP registrations. TCP register UDP ports analogous to their existing TCP registrations.
13. Security Considerations 14. Security Considerations
See the security considerations in [QUIC] and [QUIC-TLS]; the See the security considerations in [QUIC] and [QUIC-TLS]; the
security considerations for the underlying transport protocol are security considerations for the underlying transport protocol are
relevant for applications using QUIC, as well. relevant for applications using QUIC, as well. Considerations on
linkability, replay attacks, and randomness discussed in [QUIC-TLS]
should be taken into account when deploying and using QUIC.
Application developers should note that any fallback they use when Application developers should note that any fallback they use when
QUIC cannot be used due to network blocking of UDP SHOULD guarantee QUIC cannot be used due to network blocking of UDP should guarantee
the same security properties as QUIC; if this is not possible, the the same security properties as QUIC; if this is not possible, the
connection SHOULD fail to allow the application to explicitly handle connection should fail to allow the application to explicitly handle
fallback to a less-secure alternative. See Section 2. fallback to a less-secure alternative. See Section 2.
14. Contributors Further [QUIC-HTTP] provides security considerations specific to
HTTP. However, discussions such as on cross protocol attacks,
traffic analysis and padding, or migration might be relevant for
other applications using QUIC as well.
15. Contributors
Igor Lubashev contributed text to Section 9 on server-selected Igor Lubashev contributed text to Section 9 on server-selected
Connection IDs. connection IDs.
15. Acknowledgments 16. Acknowledgments
This work is partially supported by the European Commission under This work is partially supported by the European Commission under
Horizon 2020 grant agreement no. 688421 Measurement and Architecture Horizon 2020 grant agreement no. 688421 Measurement and Architecture
for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat
for Education, Research, and Innovation under contract no. 15.0268. for Education, Research, and Innovation under contract no. 15.0268.
This support does not imply endorsement. This support does not imply endorsement.
16. References 17. References
16.1. Normative References 17.1. Normative References
[QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed [QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
and Secure Transport", Work in Progress, Internet-Draft, and Secure Transport", Work in Progress, Internet-Draft,
draft-ietf-quic-transport-32, 20 October 2020, draft-ietf-quic-transport-34, 14 January 2021,
<http://www.ietf.org/internet-drafts/draft-ietf-quic- <http://www.ietf.org/internet-drafts/draft-ietf-quic-
transport-32.txt>. transport-34.txt>.
[QUIC-INVARIANTS] [QUIC-INVARIANTS]
Thomson, M., "Version-Independent Properties of QUIC", Thomson, M., "Version-Independent Properties of QUIC",
Work in Progress, Internet-Draft, draft-ietf-quic- Work in Progress, Internet-Draft, draft-ietf-quic-
invariants-11, 24 September 2020, <http://www.ietf.org/ invariants-13, 14 January 2021, <http://www.ietf.org/
internet-drafts/draft-ietf-quic-invariants-11.txt>. internet-drafts/draft-ietf-quic-invariants-13.txt>.
[QUIC-TLS] Thomson, M. and S. Turner, "Using TLS to Secure QUIC", [QUIC-TLS] Thomson, M. and S. Turner, "Using TLS to Secure QUIC",
Work in Progress, Internet-Draft, draft-ietf-quic-tls-32, Work in Progress, Internet-Draft, draft-ietf-quic-tls-34,
20 October 2020, <http://www.ietf.org/internet-drafts/ 14 January 2021, <http://www.ietf.org/internet-drafts/
draft-ietf-quic-tls-32.txt>. draft-ietf-quic-tls-34.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA) Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165, Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011, RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>. <https://www.rfc-editor.org/info/rfc6335>.
[TLS13] Thomson, M. and S. Turner, "Using TLS to Secure QUIC", [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Work in Progress, Internet-Draft, draft-ietf-quic-tls-32, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
20 October 2020, <http://www.ietf.org/internet-drafts/ <https://www.rfc-editor.org/info/rfc8446>.
draft-ietf-quic-tls-32.txt>.
16.2. Informative References 17.2. Informative References
[ALPN] Friedl, S., Popov, A., Langley, A., and E. Stephan,
"Transport Layer Security (TLS) Application-Layer Protocol
Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
July 2014, <https://www.rfc-editor.org/info/rfc7301>.
[Edeline16] [Edeline16]
Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and
B. Donnet, "Using UDP for Internet Transport Evolution B. Donnet, "Using UDP for Internet Transport Evolution
(arXiv preprint 1612.07816)", 22 December 2016, (arXiv preprint 1612.07816)", 22 December 2016,
<https://arxiv.org/abs/1612.07816>. <https://arxiv.org/abs/1612.07816>.
[Hatonen10] [Hatonen10]
Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S., Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S.,
Sarolahti, P., and M. Kojo, "An experimental study of home Sarolahti, P., and M. Kojo, "An experimental study of home
gateway characteristics (Proc. ACM IMC 2010)", October gateway characteristics (Proc. ACM IMC 2010)", October
2010. 2010.
[HTTP-RETRY] [HTTP-REPLAY]
Nottingham, M., "Retrying HTTP Requests", Work in Thomson, M., Nottingham, M., and W. Tarreau, "Using Early
Progress, Internet-Draft, draft-nottingham-httpbis-retry- Data in HTTP", RFC 8470, DOI 10.17487/RFC8470, September
01, 1 February 2017, <http://www.ietf.org/internet-drafts/ 2018, <https://www.rfc-editor.org/info/rfc8470>.
draft-nottingham-httpbis-retry-01.txt>.
[I-D.nottingham-httpbis-retry] [I-D.nottingham-httpbis-retry]
Nottingham, M., "Retrying HTTP Requests", Work in Nottingham, M., "Retrying HTTP Requests", Work in
Progress, Internet-Draft, draft-nottingham-httpbis-retry- Progress, Internet-Draft, draft-nottingham-httpbis-retry-
01, 1 February 2017, <http://www.ietf.org/internet-drafts/ 01, 1 February 2017, <http://www.ietf.org/internet-drafts/
draft-nottingham-httpbis-retry-01.txt>. draft-nottingham-httpbis-retry-01.txt>.
[PaaschNanog] [PaaschNanog]
Paasch, C., "Network Support for TCP Fast Open (NANOG 67 Paasch, C., "Network Support for TCP Fast Open (NANOG 67
presentation)", 13 June 2016, presentation)", 13 June 2016,
<https://www.nanog.org/sites/default/files/ <https://www.nanog.org/sites/default/files/
Paasch_Network_Support.pdf>. Paasch_Network_Support.pdf>.
[QUIC-HTTP] [QUIC-HTTP]
Bishop, M., "Hypertext Transfer Protocol Version 3 Bishop, M., "Hypertext Transfer Protocol Version 3
(HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-
quic-http-32, 20 October 2020, <http://www.ietf.org/ quic-http-33, 15 December 2020, <http://www.ietf.org/
internet-drafts/draft-ietf-quic-http-32.txt>. internet-drafts/draft-ietf-quic-http-33.txt>.
[QUIC-LB] Duke, M. and N. Banks, "QUIC-LB: Generating Routable QUIC [QUIC-LB] Duke, M. and N. Banks, "QUIC-LB: Generating Routable QUIC
Connection IDs", Work in Progress, Internet-Draft, draft- Connection IDs", Work in Progress, Internet-Draft, draft-
ietf-quic-load-balancers-05, 30 October 2020, ietf-quic-load-balancers-05, 30 October 2020,
<http://www.ietf.org/internet-drafts/draft-ietf-quic-load- <http://www.ietf.org/internet-drafts/draft-ietf-quic-load-
balancers-05.txt>. balancers-05.txt>.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
<https://www.rfc-editor.org/info/rfc2475>.
[RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
"Transport Layer Security (TLS) Session Resumption without "Transport Layer Security (TLS) Session Resumption without
Server-Side State", RFC 5077, DOI 10.17487/RFC5077, Server-Side State", RFC 5077, DOI 10.17487/RFC5077,
January 2008, <https://www.rfc-editor.org/info/rfc5077>. January 2008, <https://www.rfc-editor.org/info/rfc5077>.
[RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P.
Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142,
RFC 5382, DOI 10.17487/RFC5382, October 2008, RFC 5382, DOI 10.17487/RFC5382, October 2008,
<https://www.rfc-editor.org/info/rfc5382>. <https://www.rfc-editor.org/info/rfc5382>.
 End of changes. 77 change blocks. 
254 lines changed or deleted 318 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/