draft-ietf-quic-applicability-10.txt   draft-ietf-quic-applicability-11.txt 
Network Working Group M. Kuehlewind Network Working Group M. Kuehlewind
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational B. Trammell Intended status: Informational B. Trammell
Expires: 26 August 2021 Google Expires: 23 October 2021 Google
22 February 2021 21 April 2021
Applicability of the QUIC Transport Protocol Applicability of the QUIC Transport Protocol
draft-ietf-quic-applicability-10 draft-ietf-quic-applicability-11
Abstract Abstract
This document discusses the applicability of the QUIC transport This document discusses the applicability of the QUIC transport
protocol, focusing on caveats impacting application protocol protocol, focusing on caveats impacting application protocol
development and deployment over QUIC. Its intended audience is development and deployment over QUIC. Its intended audience is
designers of application protocol mappings to QUIC, and implementors designers of application protocol mappings to QUIC, and implementors
of these application protocols. of these application protocols.
Status of This Memo Status of This Memo
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 26 August 2021. This Internet-Draft will expire on 23 October 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 17 skipping to change at page 2, line 17
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3 2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3
3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 4 3.1. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 4
3.2. Session resumption versus Keep-alive . . . . . . . . . . 5 3.2. Session resumption versus Keep-alive . . . . . . . . . . 5
4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 7 4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 7
4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 8 4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 8
4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 9 4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 9
4.3. Ordered and Reliable Delivery . . . . . . . . . . . . . . 9 4.3. Ordered and Reliable Delivery . . . . . . . . . . . . . . 9
4.4. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 10 4.4. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 10
5. Packetization and Latency . . . . . . . . . . . . . . . . . . 11 4.5. Stream Limit Commitments . . . . . . . . . . . . . . . . 11
6. Port Selection and Application Endpoint Discovery . . . . . . 12 5. Packetization and Latency . . . . . . . . . . . . . . . . . . 12
7. Connection Migration . . . . . . . . . . . . . . . . . . . . 12 6. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 13
8. Connection Closure . . . . . . . . . . . . . . . . . . . . . 13 7. ACK-only packets on constrained links . . . . . . . . . . . . 14
9. Information Exposure and the Connection ID . . . . . . . . . 14 8. Port Selection and Application Endpoint Discovery . . . . . . 14
9.1. Server-Generated Connection ID . . . . . . . . . . . . . 15 9. Connection Migration . . . . . . . . . . . . . . . . . . . . 15
9.2. Mitigating Timing Linkability with Connection ID 10. Connection Termination . . . . . . . . . . . . . . . . . . . 16
Migration . . . . . . . . . . . . . . . . . . . . . . . . 15 11. Information Exposure and the Connection ID . . . . . . . . . 16
9.3. Using Server Retry for Redirection . . . . . . . . . . . 16 11.1. Server-Generated Connection ID . . . . . . . . . . . . . 17
10. Quality of Service (QoS) and DSCP . . . . . . . . . . . . . . 16 11.2. Mitigating Timing Linkability with Connection ID
11. Use of Versions and Cryptographic Handshake . . . . . . . . . 16 Migration . . . . . . . . . . . . . . . . . . . . . . . 17
12. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 17 11.3. Using Server Retry for Redirection . . . . . . . . . . . 18
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 12. Quality of Service (QoS) and DSCP . . . . . . . . . . . . . . 18
14. Security Considerations . . . . . . . . . . . . . . . . . . . 18 13. Use of Versions and Cryptographic Handshake . . . . . . . . . 19
15. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 14. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 19
16. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 15. Unreliable Datagram Service over QUIC . . . . . . . . . . . . 20
17. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
17.1. Normative References . . . . . . . . . . . . . . . . . . 19 17. Security Considerations . . . . . . . . . . . . . . . . . . . 21
17.2. Informative References . . . . . . . . . . . . . . . . . 19 18. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 19. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
20. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
20.1. Normative References . . . . . . . . . . . . . . . . . . 21
20.2. Informative References . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24
1. Introduction 1. Introduction
QUIC [QUIC] is a new transport protocol providing a number of QUIC [QUIC] is a new transport protocol providing a number of
advanced features. While initially designed for the HTTP use case, advanced features. While initially designed for the HTTP use case,
it provides capabilities that can be used with a much wider variety it provides capabilities that can be used with a much wider variety
of applications. QUIC is encapsulated in UDP. QUIC version 1 of applications. QUIC is encapsulated in UDP. QUIC version 1
integrates TLS 1.3 [TLS13] to encrypt all payload data and most integrates TLS 1.3 [TLS13] to encrypt all payload data and most
control information. The version of HTTP that uses QUIC is known as control information. The version of HTTP that uses QUIC is known as
HTTP/3 [QUIC-HTTP]. HTTP/3 [QUIC-HTTP].
skipping to change at page 3, line 44 skipping to change at page 3, line 49
might result in significantly weaker cryptographic protection. For might result in significantly weaker cryptographic protection. For
example, the results of protocol negotiation [RFC7301] only have example, the results of protocol negotiation [RFC7301] only have
confidentiality protection if TLS 1.3 is used. confidentiality protection if TLS 1.3 is used.
These applications must operate, perhaps with impaired functionality, These applications must operate, perhaps with impaired functionality,
in the absence of features provided by QUIC not present in the in the absence of features provided by QUIC not present in the
fallback protocol. For fallback to TLS over TCP, the most obvious fallback protocol. For fallback to TLS over TCP, the most obvious
difference is that TCP does not provide stream multiplexing and difference is that TCP does not provide stream multiplexing and
therefore stream multiplexing would need to be implemented in the therefore stream multiplexing would need to be implemented in the
application layer if needed. Further, TCP implementations and application layer if needed. Further, TCP implementations and
network paths often do not support the Fast Open option, which is network paths often do not support the Fast Open option [RFC7413],
analogous to 0-RTT session resumption. Note that there is some which enables sending of payload data together with the first control
evidence of middleboxes blocking SYN data even if TFO was packet of a new connection as also provided by 0-RTT session
successfully negotiated (see [PaaschNanog]). And even if Fast Open resumption in QUIC. Note that there is some evidence of middleboxes
successfully operates end-to-end, it is limited to a single packet of blocking SYN data even if TFO was successfully negotiated (see
payload, unlike QUIC 0-RTT. [PaaschNanog]). And even if Fast Open successfully operates end-to-
end, it is limited to a single packet of TLS handshake and
application data, unlike QUIC 0-RTT.
Moreover, while encryption (in this case TLS) is inseparably Moreover, while encryption (in this case TLS) is inseparably
integrated with QUIC, TLS negotiation over TCP can be blocked. If integrated with QUIC, TLS negotiation over TCP can be blocked. If
TLS over TCP cannot be supported, the connection should be aborted TLS over TCP cannot be supported, the connection should be aborted,
instead, in order to enable the application to present a suitable and the application then ought to present a suitable prompt to the
prompt to the user that secure communication is unavailable. user that secure communication is unavailable.
In summary, any fallback mechanism is likely to impose a degradation In summary, any fallback mechanism is likely to impose a degradation
of performance and can degrade security; however, fallback must not of performance and can degrade security; however, fallback must not
silently violate the application's expectation of confidentiality or silently violate the application's expectation of confidentiality or
integrity of its payload data. integrity of its payload data.
3. Zero RTT 3. Zero RTT
QUIC provides for 0-RTT connection establishment. Though the same QUIC provides for 0-RTT connection establishment. Though the same
facility exists in TLS 1.3 with TCP, 0-RTT presents opportunities and facility exists in TLS 1.3 with TCP, 0-RTT presents opportunities and
skipping to change at page 7, line 26 skipping to change at page 7, line 26
QUIC's stream multiplexing feature allows applications to run QUIC's stream multiplexing feature allows applications to run
multiple streams over a single connection, without head-of-line multiple streams over a single connection, without head-of-line
blocking between streams, associated at a point in time with a single blocking between streams, associated at a point in time with a single
five-tuple. Stream data is carried within frames, where one QUIC five-tuple. Stream data is carried within frames, where one QUIC
packet on the wire can carry one or multiple stream frames. packet on the wire can carry one or multiple stream frames.
Streams can be unidirectional or bidirectional, and a stream may be Streams can be unidirectional or bidirectional, and a stream may be
initiated either by client or server. Only the initiator of a initiated either by client or server. Only the initiator of a
unidirectional stream can send data on it. unidirectional stream can send data on it.
Streams and connections can each carry a maximum of 2^(62)-1 bytes in Streams and connections can each carry a maximum of 2^62-1 bytes in
each direction, due to encoding limitations on stream offsets and each direction, due to encoding limitations on stream offsets and
connection flow control limits. In the presently unlikely event that connection flow control limits. In the presently unlikely event that
this limit is reached by an application, a new connection would need this limit is reached by an application, a new connection would need
to be established. to be established.
Streams can be independently opened and closed, gracefully or Streams can be independently opened and closed, gracefully or
abruptly. An application can gracefully close the egress direction abruptly. An application can gracefully close the egress direction
of a stream by instructing QUIC to send a FIN bit in a STREAM frame. of a stream by instructing QUIC to send a FIN bit in a STREAM frame.
It cannot gracefully close the ingress direction without a peer- It cannot gracefully close the ingress direction without a peer-
generated FIN, much like in TCP. However, an endpoint can abruptly generated FIN, much like in TCP. However, an endpoint can abruptly
close the egress direction or request that its peer abruptly close close the egress direction or request that its peer abruptly close
the ingress direction; these actions are fully independent of each the ingress direction; these actions are fully independent of each
other. other.
QUIC does not provide an interface for exceptional handling of any QUIC does not provide an interface for exceptional handling of any
stream. If a stream that is critical for an application is closed, stream. If a stream that is critical for an application is closed,
the application can generate error messages on the application layer the application can generate error messages on the application layer
to inform the other end and/or the higher layer, which can eventually to inform the other end and/or the higher layer, which can eventually
reset the QUIC connection. terminate the QUIC connection.
Mapping of application data to streams is application-specific and Mapping of application data to streams is application-specific and
described for HTTP/3 in [QUIC-HTTP]. There are a few general described for HTTP/3 in [QUIC-HTTP]. There are a few general
principles to apply when designing an application's use of streams: principles to apply when designing an application's use of streams:
* A single stream provides ordering. If the application requires * A single stream provides ordering. If the application requires
certain data to be received in order, that data should be sent on certain data to be received in order, that data should be sent on
the same stream. the same stream. There is no guarantee of transmission,
reception, or delivery order across streams.
* Multiple streams provide concurrency. Data that can be processed * Multiple streams provide concurrency. Data that can be processed
independently, and therefore would suffer from head of line independently, and therefore would suffer from head of line
blocking if forced to be received in order, should be transmitted blocking if forced to be received in order, should be transmitted
over separate streams. over separate streams.
* Streams can provide message orientation, and allow messages to be * Streams can provide message orientation, and allow messages to be
cancelled. If one message is mapped to a single stream, resetting cancelled. If one message is mapped to a single stream, resetting
the stream to expire an unacknowledged message can be used to the stream to expire an unacknowledged message can be used to
emulate partial reliability for that message. emulate partial reliability for that message.
If a QUIC receiver has opened the maximum allowed concurrent streams, If a QUIC receiver has opened the maximum allowed concurrent streams,
and the sender indicates that more streams are needed, it does not and the sender indicates that more streams are needed, it does not
automatically lead to an increase of the maximum number of streams by automatically lead to an increase of the maximum number of streams by
the receiver. Therefore it can be valuable to expose the maximum the receiver. Therefore, an application can use the maximum number
number of allowed, currently open, and currently used streams to the of allowed, currently open, and currently used streams when
application to make the mapping of data to streams dependent on this determining how to map data to streams.
information.
QUIC assigns a numerical identifier to each stream, called the Stream QUIC assigns a numerical identifier to each stream, called the Stream
ID. While the relationship between these identifiers and stream ID. While the relationship between these identifiers and stream
types is clearly defined in version 1 of QUIC, future versions might types is clearly defined in version 1 of QUIC, future versions might
change this relationship for various reasons. QUIC implementations change this relationship for various reasons. QUIC implementations
should expose the properties of each stream (which endpoint initiated should expose the properties of each stream (which endpoint initiated
the stream, whether the stream is unidirectional or bidirectional, the stream, whether the stream is unidirectional or bidirectional,
the Stream ID used for the stream); applications should query for the Stream ID used for the stream); applications should query for
these properties rather than attempting to infer them from the Stream these properties rather than attempting to infer them from the Stream
ID. ID.
skipping to change at page 9, line 19 skipping to change at page 9, line 19
connection is extremely low. connection is extremely low.
4.2. Prioritization 4.2. Prioritization
Stream prioritization is not exposed to either the network or the Stream prioritization is not exposed to either the network or the
receiver. Prioritization is managed by the sender, and the QUIC receiver. Prioritization is managed by the sender, and the QUIC
transport should provide an interface for applications to prioritize transport should provide an interface for applications to prioritize
streams [QUIC]. Applications can implement their own prioritization streams [QUIC]. Applications can implement their own prioritization
scheme on top of QUIC: an application protocol that runs on top of scheme on top of QUIC: an application protocol that runs on top of
QUIC can define explicit messages for signaling priority, such as QUIC can define explicit messages for signaling priority, such as
those defined for HTTP/2; it can define rules that allow an endpoint those defined in [I-D.draft-ietf-httpbis-priority] for HTTP; it can
to determine priority based on context; or it can provide a higher define rules that allow an endpoint to determine priority based on
level interface and leave the determination to the application on context; or it can provide a higher level interface and leave the
top. determination to the application on top.
Priority handling of retransmissions can be implemented by the sender Priority handling of retransmissions can be implemented by the sender
in the transport layer. [QUIC] recommends retransmitting lost data in the transport layer. [QUIC] recommends retransmitting lost data
before new data, unless indicated differently by the application. before new data, unless indicated differently by the application.
Currently, QUIC only provides fully reliable stream transmission, Currently, QUIC only provides fully reliable stream transmission,
which means that prioritization of retransmissions will be beneficial which means that prioritization of retransmissions will be beneficial
in most cases, by filling in gaps and freeing up the flow control in most cases, by filling in gaps and freeing up the flow control
window. For partially reliable or unreliable streams, priority window. For partially reliable or unreliable streams, priority
scheduling of retransmissions over data of higher-priority streams scheduling of retransmissions over data of higher-priority streams
might not be desirable. For such streams, QUIC could either provide might not be desirable. For such streams, QUIC could either provide
skipping to change at page 10, line 11 skipping to change at page 10, line 11
logic, an endpoint will send stream data until it is acknowledged, logic, an endpoint will send stream data until it is acknowledged,
ensuring that data at the start of the stream is sent and ensuring that data at the start of the stream is sent and
acknowledged first. acknowledged first.
An endpoint that uses a different sending behavior and does not An endpoint that uses a different sending behavior and does not
negotiate that change with its peer might encounter performance negotiate that change with its peer might encounter performance
issues or deadlocks. issues or deadlocks.
4.4. Flow Control Deadlocks 4.4. Flow Control Deadlocks
Flow control provides a means of managing access to the limited QUIC flow control provides a means of managing access to the limited
buffers endpoints have for incoming data. This mechanism limits the buffers endpoints have for incoming data. This mechanism limits the
amount of data that can be in buffers in endpoints or in transit on amount of data that can be in buffers in endpoints or in transit on
the network. However, there are several ways in which limits can the network. However, there are several ways in which limits can
produce conditions that can cause a connection to either perform produce conditions that can cause a connection to either perform
suboptimally or deadlock. suboptimally or deadlock.
Deadlocks in flow control are possible for any protocol that uses Deadlocks in flow control are possible for any protocol that uses
QUIC, though whether they become a problem depends on how QUIC, though whether they become a problem depends on how
implementations consume data and provide flow control credit. implementations consume data and provide flow control credit.
Understanding what causes deadlocking might help implementations Understanding what causes deadlocking might help implementations
avoid deadlocks. avoid deadlocks.
Large messages can produce deadlocking if the recipient does not The size and rate of transport flow control credit updates can affect
process the message incrementally. If the message is larger than the performance. Applications that use QUIC often have a data consumer
flow control credit available and the recipient does not release that reads data from transport buffers. Some implementations might
additional flow control credit until the entire message is received have independent transport-layer and application-layer receive
and delivered, a deadlock can occur. This is possible even where buffers. Consuming data does not always imply it is immediately
stream flow control limits are not reached because connection flow processed. However, a common flow control implementation technique
control limits can be consumed by other streams. is to extend credit to the sender, by emitting MAX_DATA and/or
MAX_STREAM_DATA frames, as data is consumed. Delivery of these
frames is affected by the latency of the back channel from the
receiver to the data sender. If credit is not extended in a timely
manner, the sending application can be blocked, effectively
throttling the sender.
A common flow control implementation technique is for a receiver to Large application messages can produce deadlocking if the recipient
extend credit to the sender as a the data consumer reads data. In does not read data from the transport incrementally. If the message
this setting, a length-prefixed message format makes it easier for is larger than the flow control credit available and the recipient
the data consumer to leave data unread in the receiver's buffers and does not release additional flow control credit until the entire
thereby withhold flow control credit. If flow control limits prevent message is received and delivered, a deadlock can occur. This is
the remainder of a message from being sent, a deadlock will result. possible even where stream flow control limits are not reached
A length prefix might also enable the detection of this sort of because connection flow control limits can be consumed by other
deadlock. Where protocols have messages that might be processed as a streams.
A length-prefixed message format makes it easier for a data consumer
to leave data unread in the transport buffer and thereby withhold
flow control credit. If flow control limits prevent the remainder of
a message from being sent, a deadlock will result. A length prefix
might also enable the detection of this sort of deadlock. Where
application protocols have messages that might be processed as a
single unit, reserving flow control credit for the entire message single unit, reserving flow control credit for the entire message
atomically makes this style of deadlock less likely. atomically makes this style of deadlock less likely.
A data consumer can read all data as it becomes available to cause A data consumer can eagerly read all data as it becomes available, in
the receiver to extend flow control credit to the sender and reduce order to make the receiver extend flow control credit and reduce the
the chances of a deadlock. However, releasing flow control credit chances of a deadlock. However, such a data consumer might need
might mean that the data consumer might need other means for holding other means for holding a peer accountable for the additional state
a peer accountable for the state it keeps for partially processed it keeps for partially processed messages.
messages.
Deadlocking can also occur if data on different streams is Deadlocking can also occur if data on different streams is
interdependent. Suppose that data on one stream arrives before the interdependent. Suppose that data on one stream arrives before the
data on a second stream on which it depends. A deadlock can occur if data on a second stream on which it depends. A deadlock can occur if
the first stream is left unread, preventing the receiver from the first stream is left unread, preventing the receiver from
extending flow control credit for the second stream. To reduce the extending flow control credit for the second stream. To reduce the
likelihood of deadlock for interdependent data, the sender should likelihood of deadlock for interdependent data, the sender should
ensure that dependent data is not sent until the data it depends on ensure that dependent data is not sent until the data it depends on
has been accounted for in both stream- and connection- level flow has been accounted for in both stream- and connection- level flow
control credit. control credit.
Some deadlocking scenarios might be resolved by cancelling affected Some deadlocking scenarios might be resolved by cancelling affected
streams with STOP_SENDING or RESET_STREAM. Cancelling some streams streams with STOP_SENDING or RESET_STREAM. Cancelling some streams
results in the connection being terminated in some protocols. results in the connection being terminated in some protocols.
4.5. Stream Limit Commitments
QUIC endpoints are responsible for communicating the cumulative limit
of streams they would allow to be opened by their peer. Initial
limits are advertised using the initial_max_streams_bidi and
initial_max_streams_uni transport parameters. As streams are opened
and closed they are consumed and the cumulative total is incremented.
Limits can be increased using the MAX_STREAMS frame but there is no
mechanism to reduce limits. Once stream limits are reached, no more
streams can be opened, which prevents applications using QUIC from
making further progress. At this stage connections can be terminated
via idle timeout or explicit close; see Section 10).
An application that uses QUIC might communicate a cumulative stream
limit but require the connection to be closed before the limit is
reached. For example, to stop the server to perform scheduled
maintenance. Immediate connection close causes abrupt closure of
actively used streams. Depending on how an application uses QUIC
streams, this could be undesirable or detrimental to behavior or
performance. A more graceful closure technique is to stop sending
increases to stream limits and allow the connection to naturally
terminate once remaining streams are consumed. However, the period
of time it takes to do so is dependent on the client and an
unpredictable closing period might not fit application or operational
needs. Applications using QUIC can be conservative with open stream
limits in order to reduce the commitment and indeterminism. However,
being overly conservative with stream limits affects stream
concurrency. Balancing these aspects can be specific to applications
and their deployments. Instead of relying on stream limits to avoid
abrupt closure, an application-layer graceful close mechanism can be
used to communicate the intention to explicitly close the connection
at some future point.
HTTP/3 provides such a mechanism using the GOWAWAY frame. In HTTP/3,
when the GOAWAY frame is received by a client, it stops opening new
streams even if the cumulative stream limit would allow. Instead the
client would create a new connection on which to open further
streams. Once all streams are closed on the old connection, it can
be terminated safely by a connection close or after expiration of the
idle time out (see also Section 10).
5. Packetization and Latency 5. Packetization and Latency
QUIC exposes an interface that provides multiple streams to the QUIC exposes an interface that provides multiple streams to the
application; however, the application usually cannot control how data application; however, the application usually cannot control how data
transmitted over those streams is mapped into frames or how those transmitted over those streams is mapped into frames or how those
frames are bundled into packets. frames are bundled into packets.
By default, many implementations will try to maximally pack QUIC By default, many implementations will try to maximally pack QUIC
packets DATA frames from one or more streams to minimize bandwidth packets DATA frames from one or more streams to minimize bandwidth
consumption and computational costs (see Section 13 of [QUIC]). If consumption and computational costs (see Section 13 of [QUIC]). If
skipping to change at page 12, line 5 skipping to change at page 13, line 16
Sections 8.1 and 14.1 of [QUIC]) and for path validation after Sections 8.1 and 14.1 of [QUIC]) and for path validation after
connection migration (see Section 8.2 of [QUIC]) as well as for connection migration (see Section 8.2 of [QUIC]) as well as for
Datagram Packetization Layer PMTU Discovery (DPLMTUD) (see Datagram Packetization Layer PMTU Discovery (DPLMTUD) (see
Section 14.3 of [QUIC]). Section 14.3 of [QUIC]).
Padding can also be used by an application to reduce leakage of Padding can also be used by an application to reduce leakage of
information about the data that is sent. A QUIC implementation can information about the data that is sent. A QUIC implementation can
expose an interface that allows an application layer to specify how expose an interface that allows an application layer to specify how
to apply padding. to apply padding.
6. Port Selection and Application Endpoint Discovery 6. Error Handling
QUIC recommends that endpoints signal any detected errors to the
peer. Errors can occur at the transport level and the application
level. Transport errors, such as a protocol violation, affect the
entire connection. Applications that use QUIC can define their own
error detection and signaling (see, for example, Section 8 of
[QUIC-HTTP]). Application errors can affect an entire connection or
a single stream.
QUIC defines an error code space that is used for error handling at
the transport layer. QUIC encourages endpoints to use the most
specific code, although any applicable code is permitted, including
generic ones.
Applications using QUIC define an error code space that is
independent from QUIC or other applications (see, for example,
Section 8.1 of [QUIC-HTTP]). The values in an application error code
space can be reused across connection-level and stream-level errors.
Connection errors lead to connection termination. They are signaled
using a CONNECTION_CLOSE frame, which contains an error code and a
reason field that can be zero length. Different types of
CONNECTION_CLOSE frame are used to signal transport and application
errors.
Stream errors lead to stream termination. The are signaled using
STOP_SENDING or RESET_STREAM frames, which contain only an error
code.
7. ACK-only packets on constrained links
The cost of sending acknowledgments - in processing cost or link
utilization - could be a significant proportion of available
resources if these resources are constrained. Reducing the rate at
which acknowledgments are generated can preserve these resources and
improve overall performance, for both network processing as well as
application-relevant metrics.
8. Port Selection and Application Endpoint Discovery
In general, port numbers serve two purposes: "first, they provide a In general, port numbers serve two purposes: "first, they provide a
demultiplexing identifier to differentiate transport sessions between demultiplexing identifier to differentiate transport sessions between
the same pair of endpoints, and second, they may also identify the the same pair of endpoints, and second, they may also identify the
application protocol and associated service to which processes application protocol and associated service to which processes
connect" [RFC6335]. The assumption that an application can be connect" [RFC6335]. The assumption that an application can be
identified in the network based on the port number is less true today identified in the network based on the port number is less true today
due to encapsulation, mechanisms for dynamic port assignments, and due to encapsulation, mechanisms for dynamic port assignments, and
NATs. NATs.
As QUIC is a general-purpose transport protocol, there are no As QUIC is a general-purpose transport protocol, there are no
requirements that servers use a particular UDP port for QUIC. For requirements that servers use a particular UDP port for QUIC. For
applications with a fallback to TCP that do not already have an applications with a fallback to TCP that do not already have an
alternate mapping to UDP, usually the registration (if necessary) and alternate mapping to UDP, usually the registration (if necessary) and
use of the UDP port number corresponding to the TCP port already use of the UDP port number corresponding to the TCP port already
registered for the application is appropriate. For example, the registered for the application is appropriate. For example, the
default port for HTTP/3 [QUIC-HTTP] is UDP port 443, analogous to default port for HTTP/3 [QUIC-HTTP] is UDP port 443, analogous to
HTTP/1.1 or HTTP/2 over TLS over TCP. HTTP/1.1 or HTTP/2 over TLS over TCP.
Additionally, Application-Layer Version Negotiation [RFC7301] permits
the client and server to negotiate which of several protocols will be
used on a given connection. Therefore, multiple applications might
be supported on a single UDP port based on the ALPN token offered.
Applications using QUIC should register an ALPN token for use in the
TLS handshake.
Applications could define an alternate endpoint discovery mechanism Applications could define an alternate endpoint discovery mechanism
to allow the usage of ports other than the default. For example, to allow the usage of ports other than the default. For example,
HTTP/3 (Sections 3.2 and 3.3 of [QUIC-HTTP]) specifies the use of HTTP/3 (Sections 3.2 and 3.3 of [QUIC-HTTP]) specifies the use of
HTTP Alternative Services for an HTTP origin to advertise the HTTP Alternative Services for an HTTP origin to advertise the
availability of an equivalent HTTP/3 endpoint on a certain UDP port availability of an equivalent HTTP/3 endpoint on a certain UDP port
by using the "h3" ALPN token [RFC7301]. Note that HTTP/3's ALPN by using the "h3" ALPN token. Note that HTTP/3's ALPN token ("h3")
token ("h3") identifies not only the version of the application identifies not only the version of the application protocol, but also
protocol, but also the version of QUIC itself; this approach allows the version of QUIC itself; this approach allows unambiguous
unambiguous agreement between the endpoints on the protocol stack in agreement between the endpoints on the protocol stack in use.
use.
Given the prevalence of the assumption in network management practice Given the prevalence of the assumption in network management practice
that a port number maps unambiguously to an application, the use of that a port number maps unambiguously to an application, the use of
ports that cannot easily be mapped to a registered service name might ports that cannot easily be mapped to a registered service name might
lead to blocking or other changes to the forwarding behavior by lead to blocking or other changes to the forwarding behavior by
network elements such as firewalls that use the port number for network elements such as firewalls that use the port number for
application identification. application identification.
7. Connection Migration 9. Connection Migration
QUIC supports connection migration by the client. If an IP address QUIC supports connection migration by the client. If an IP address
changes, a QUIC endpoint can still associate packets with an existing changes, a QUIC endpoint can still associate packets with an existing
transport connection using the destination connection ID field (see transport connection using the destination connection ID field (see
also Section 9) in the QUIC header, unless a zero-length value is also Section 11) in the QUIC header, unless a zero-length value is
used. This supports cases where address information changes, such as used. This supports cases where address information changes, such as
NAT rebinding, intentional change of the local interface, or based on NAT rebinding, intentional change of the local interface, or based on
an indication in the handshake of the server for a preferred address an indication in the handshake of the server for a preferred address
to be used. to be used.
Use of a non-zero-length connection ID for the server is strongly Use of a non-zero-length connection ID for the server is strongly
recommended if any clients are behind a NAT or could be. A non-zero- recommended if any clients are behind a NAT or could be. A non-zero-
length connection ID is also strongly recommended when migration is length connection ID is also strongly recommended when migration is
supported. supported.
Currently QUIC only supports failover cases. Only one "path" can be Currently QUIC only supports failover cases. Only one "path" can be
used at a time, and only when the new path is validated all traffic used at a time; and only when the new path is validated, all traffic
can be switched over to that new path. Path validation means that can be switched over to that new path. Path validation means that
the remote endpoint is required to validate the new path before use the remote endpoint is required to validate the new path before use
in order to avoid address spoofing attacks. Path validation takes at in order to avoid address spoofing attacks. Path validation takes at
least one RTT and congestion control will also be reset after path least one RTT and congestion control will also be reset after path
migration. Therefore migration usually has a performance impact. migration. Therefore migration usually has a performance impact.
QUIC probing packets, which cannot carry application data, can be QUIC probing packets, which can be sent on multiple paths at once,
sent on multiple paths at once. Probing packets can be used to are used to perform address validation as well as measure path
perform address validation, measure path characteristics as input for characteristics as input for the switching decision. Probing packets
the switching decision, or prime the congestion controller in cannot carry application data but may contain padding frames.
preparation for switching to the new path. Endpoints can use information about their receipt as input to
congestion control for that path. Applications could use information
learned from probing to inform a decisions to switch paths.
Only the client can actively migrate in version 1 of QUIC. However, Only the client can actively migrate in version 1 of QUIC. However,
servers can indicate during the handshake that they prefer to servers can indicate during the handshake that they prefer to
transfer the connection to a different address after the handshake. transfer the connection to a different address after the handshake.
For instance, this could be used to move from an address that is For instance, this could be used to move from an address that is
shared by multiple servers to an address that is unique to the server shared by multiple servers to an address that is unique to the server
instance. The server can provide an IPv4 and an IPv6 address in a instance. The server can provide an IPv4 and an IPv6 address in a
transport parameter during the TLS handshake and the client can transport parameter during the TLS handshake and the client can
select between the two if both are provided. See also Section 9.6 of select between the two if both are provided. See also Section 9.6 of
[QUIC]. [QUIC].
8. Connection Closure 10. Connection Termination
QUIC connections are closed either by expiration of an idle timeout, QUIC connections are terminated in one of three ways: implicit idle
as determined by transport parameters, or by an explicit indication timeout, explicit immediate close, or explicit stateless reset.
of the application that a connection should be closed (immediate
close). While data could still be received after the immediate close
has been initiated by one endpoint (for a limited time period), the
expectation is that an immediate close was negotiated at the
application layer and therefore no additional data is expected from
both sides.
An immediate close will emit an CONNECTION_CLOSE frame. This frame QUIC does not provide any mechanism for graceful connection
has two sets of types: one for QUIC internal problems that might lead termination; applications using QUIC can define their own graceful
to connection closure, and one for closures initiated by the termination process (see, for example, Section 5.2 of [QUIC-HTTP]).
application. An application using QUIC can define application-
specific error codes (see, for example, Section 8.1 of [QUIC-HTTP]).
The CONNECTION_CLOSE frame provides an optional reason field, that QUIC idle timeout is enabled via transport parameters. Client and
can be used to append human-readable information to an error code. server announce a timeout period and the effective value for the
RESET_STREAM and STOP_SENDING frames also include an error code, but connection is the minimum of the two values. After the timeout
no reason string. period elapses, the connection is silently closed. An application
therefore should be able to configure its own maximum value, as well
as have access to the computed minimum value for this connection. An
application may adjust the maximum idle timeout for new connections
based on the number of open or expected connections, since shorter
timeout values may free-up resources more quickly.
Alternatively, a QUIC connection can be silently closed by each Application data exchanged on streams or in datagrams defers the QUIC
endpoint separately after an idle timeout. If enabled as indicated idle timeout. Applications that provide their own keep-alive
by a transport parameter in the handshake, the idle timeout is mechanisms will therefore keep a QUIC connection alive. Applications
announced for each endpoint during connection establishment and the that do not provide their own keep-alive can use transport-layer
effective value for this connection is the minimum of the two values mechanisms (see Section 10.1.2 of [QUIC], and Section 3.2). However,
advertised by client and server. An application therefore should be QUIC implementation interfaces for controlling such transport
able to configure its own maximum value as well as have access to the behavior can vary, affecting the robustness of such approaches.
computed minimum value for this connection. An application may
adjust the maximum idle timeout for new connections based on the
number of open or expected connections, since shorter timeout values
may free-up memory more quickly.
If an application desires to keep the connection open for longer than An immediate close is signaled by a CONNECTION_CLOSE frame (see
the announced timeout, it can send keep-alive messages; a QUIC Section 6). Immediate close causes all streams to become immediately
implementation may provide an option to defer the time-out by sending closed, which may affect applications; see Section 4.5.
keep-alive messages at the transport layer to avoid unnecessary load,
as specified in Section 10.1.2 of [QUIC]. See Section 3.2 for
further guidance on keep-alives.
9. Information Exposure and the Connection ID A stateless reset is an option of last resort for an endpoint that
does not have access to connection state. Receiving a stateless
reset is an indication of an unrecoverable error distinct from
connection errors in that there is no application-layer information
provided.
11. Information Exposure and the Connection ID
QUIC exposes some information to the network in the unencrypted part QUIC exposes some information to the network in the unencrypted part
of the header, either before the encryption context is established or of the header, either before the encryption context is established or
because the information is intended to be used by the network. QUIC because the information is intended to be used by the network. QUIC
has a long header that exposes some additional information (the has a long header that exposes some additional information (the
version and the source connection ID), while the short header exposes version and the source connection ID), while the short header exposes
only the destination connection ID. In QUIC version 1, the long only the destination connection ID. In QUIC version 1, the long
header is used during connection establishment, while the short header is used during connection establishment, while the short
header is used for data transmission in an established connection. header is used for data transmission in an established connection.
skipping to change at page 15, line 5 skipping to change at page 17, line 18
An endpoint that selects a zero-length connection ID will receive An endpoint that selects a zero-length connection ID will receive
packets with a zero-length destination connection ID. The endpoint packets with a zero-length destination connection ID. The endpoint
needs to use other information, such as the source and destination IP needs to use other information, such as the source and destination IP
address and port number to identify which connection is referred to. address and port number to identify which connection is referred to.
This could mean that the endpoint is unable to match datagrams to This could mean that the endpoint is unable to match datagrams to
connections successfully if these values change, making the connections successfully if these values change, making the
connection effectively unable to survive NAT rebinding or migrate to connection effectively unable to survive NAT rebinding or migrate to
a new path. a new path.
9.1. Server-Generated Connection ID 11.1. Server-Generated Connection ID
QUIC supports a server-generated connection ID, transmitted to the QUIC supports a server-generated connection ID, transmitted to the
client during connection establishment (see Section 7.2 of [QUIC]). client during connection establishment (see Section 7.2 of [QUIC]).
Servers behind load balancers may need to change the connection ID Servers behind load balancers may need to change the connection ID
during the handshake, encoding the identity of the server or during the handshake, encoding the identity of the server or
information about its load balancing pool, in order to support information about its load balancing pool, in order to support
stateless load balancing. stateless load balancing.
Server deployments with load balancers and other routing Server deployments with load balancers and other routing
infrastructure need to ensure that this infrastructure consistently infrastructure need to ensure that this infrastructure consistently
routes packets to the correct server instance. This might require routes packets to the server instance that has the connection state,
coordination between servers and infrastructure. One method of even if addresses, ports, and/or connection IDs change. This might
achieving this involves encoding routing information into the require coordination between servers and infrastructure. One method
connection ID. This ensures that there is no need to for servers and of achieving this involves encoding routing information into the
infrastructure to coordinate routing information for each connection. connection ID. For an example of this technique, see [QUIC-LB].
See [QUIC-LB] for more information.
9.2. Mitigating Timing Linkability with Connection ID Migration 11.2. Mitigating Timing Linkability with Connection ID Migration
QUIC requires that endpoints generate fresh connection IDs for use on QUIC requires that endpoints generate fresh connection IDs for use on
new network paths. Choosing values that are unlinkable to an outside new network paths. Choosing values that are unlinkable to an outside
observer ensures that activity on different paths cannot be trivially observer ensures that activity on different paths cannot be trivially
correlated using the connection ID. correlated using the connection ID.
While sufficiently robust connection ID generation schemes will While sufficiently robust connection ID generation schemes will
mitigate linkability issues, they do not provide full protection. mitigate linkability issues, they do not provide full protection.
Analysis of the lifetimes of six-tuples (source and destination Analysis of the lifetimes of six-tuples (source and destination
addresses as well as the migrated CID) may expose these links anyway. addresses as well as the migrated CID) may expose these links anyway.
skipping to change at page 16, line 5 skipping to change at page 18, line 12
simultaneous migrations, even an exposed server mapping may be simultaneous migrations, even an exposed server mapping may be
insufficient information. insufficient information.
The most efficient mitigations for these attacks are through network The most efficient mitigations for these attacks are through network
design and/or operational practice, by using a load balancing design and/or operational practice, by using a load balancing
architecture that loads more flows onto a single server-side address, architecture that loads more flows onto a single server-side address,
by coordinating the timing of migrations in an attempt to increase by coordinating the timing of migrations in an attempt to increase
the number of simultaneous migrations at a given time, or through the number of simultaneous migrations at a given time, or through
other means. other means.
9.3. Using Server Retry for Redirection 11.3. Using Server Retry for Redirection
QUIC provides a Server Retry packet that can be sent by a server in QUIC provides a Server Retry packet that can be sent by a server in
response to the Client Initial packet. The server may choose a new response to the Client Initial packet. The server may choose a new
connection ID in that packet and the client will retry by sending connection ID in that packet and the client will retry by sending
another Client Initial packet with the server-selected connection ID. another Client Initial packet with the server-selected connection ID.
This mechanism can be used to redirect a connection to a different This mechanism can be used to redirect a connection to a different
server, e.g. due to performance reasons or when servers in a server server, e.g. due to performance reasons or when servers in a server
pool are upgraded gradually, and therefore may support different pool are upgraded gradually, and therefore may support different
versions of QUIC. In this case, it is assumed that all servers versions of QUIC. In this case, it is assumed that all servers
belonging to a certain pool are served in cooperation with load belonging to a certain pool are served in cooperation with load
skipping to change at page 16, line 27 skipping to change at page 18, line 34
server can choose the connection ID in the Server Retry packet such server can choose the connection ID in the Server Retry packet such
that the load balancer will redirect the next Client Initial packet that the load balancer will redirect the next Client Initial packet
to a different server in that pool. Alternatively the load balancer to a different server in that pool. Alternatively the load balancer
can directly offer a Retry service as further described in [QUIC-LB]. can directly offer a Retry service as further described in [QUIC-LB].
Section 4 of [RFC5077] describes an example approach for constructing Section 4 of [RFC5077] describes an example approach for constructing
TLS resumption tickets that can be also applied for validation TLS resumption tickets that can be also applied for validation
tokens, however, the use of more modern cryptographic algorithms is tokens, however, the use of more modern cryptographic algorithms is
highly recommended. highly recommended.
10. Quality of Service (QoS) and DSCP 12. Quality of Service (QoS) and DSCP
QUIC assumes that all packets of a QUIC connection, or at least with QUIC assumes that all packets of a QUIC connection, or at least with
the same 5-tuple {dest addr, source addr, protocol, dest port, source the same 5-tuple {dest addr, source addr, protocol, dest port, source
port}, will receive similar network treatment since feedback about port}, will receive similar network treatment since feedback about
loss or delay of each packet is used as input to the congestion loss or delay of each packet is used as input to the congestion
controller. Therefore it is not recommended to use different controller. Therefore it is not recommended to use different
DiffServ Code Points (DSCPs) [RFC2475] for packets belonging to the DiffServ Code Points (DSCPs) [RFC2475] for packets belonging to the
same connection. If differential network treatment, e.g. by the use same connection. If differential network treatment, e.g. by the use
of different DSCPs, is desired, multiple QUIC connections to the same of different DSCPs, is desired, multiple QUIC connections to the same
server may be used. However, in general it is recommended to server may be used. However, in general it is recommended to
minimize the number of QUIC connections to the same server, to avoid minimize the number of QUIC connections to the same server, to avoid
increased overheads and, more importantly, competing congestion increased overheads and, more importantly, competing congestion
control. control.
11. Use of Versions and Cryptographic Handshake 13. Use of Versions and Cryptographic Handshake
Versioning in QUIC may change the protocol's behavior completely, Versioning in QUIC may change the protocol's behavior completely,
except for the meaning of a few header fields that have been declared except for the meaning of a few header fields that have been declared
to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher
version number will not necessarily provide a better service, but version number will not necessarily provide a better service, but
might simply provide a different feature set. As such, an might simply provide a different feature set. As such, an
application needs to be able to select which versions of QUIC it application needs to be able to select which versions of QUIC it
wants to use. wants to use.
A new version could use an encryption scheme other than TLS 1.3 or A new version could use an encryption scheme other than TLS 1.3 or
higher. [QUIC] specifies requirements for the cryptographic higher. [QUIC] specifies requirements for the cryptographic
handshake as currently realized by TLS 1.3 and described in a handshake as currently realized by TLS 1.3 and described in a
separate specification [QUIC-TLS]. This split is performed to enable separate specification [QUIC-TLS]. This split is performed to enable
light-weight versioning with different cryptographic handshakes. light-weight versioning with different cryptographic handshakes.
12. Enabling New Versions 14. Enabling New Versions
QUIC provides integrity protection for its version negotiation QUIC version 1 does not specify a version negotation mechanism in the
process. This process assumes that the set of versions that a server base spec but [I-D.draft-ietf-quic-version-negotiation] proposes an
supports is fixed. This complicates the process for deploying new extension. This process assumes that the set of versions that a
QUIC versions or disabling old versions when servers operate in server supports is fixed. This complicates the process for deploying
new QUIC versions or disabling old versions when servers operate in
clusters. clusters.
A server that rolls out a new version of QUIC can do so in three A server that rolls out a new version of QUIC can do so in three
stages. Each stage is completed across all server instances before stages. Each stage is completed across all server instances before
moving to the next stage. moving to the next stage.
In the first stage of deployment, all server instances start In the first stage of deployment, all server instances start
accepting new connections with the new version. The new version can accepting new connections with the new version. The new version can
be enabled progressively across a deployment, which allows for be enabled progressively across a deployment, which allows for
selective testing. This is especially useful when the new version is selective testing. This is especially useful when the new version is
skipping to change at page 18, line 15 skipping to change at page 20, line 26
The third stage completes the process by enabling authentication of The third stage completes the process by enabling authentication of
the negotiated version with the assumption that the new version is the negotiated version with the assumption that the new version is
fully available. fully available.
The process for disabling an old version or rolling back the The process for disabling an old version or rolling back the
introduction of a new version uses the same process in reverse. introduction of a new version uses the same process in reverse.
Servers disable validation of the old version, stop sending the old Servers disable validation of the old version, stop sending the old
version in Version Negotiation packets, then the old version is no version in Version Negotiation packets, then the old version is no
longer accepted. longer accepted.
13. IANA Considerations 15. Unreliable Datagram Service over QUIC
This document has no actions for IANA; however, note that Section 6 [I-D.ietf-quic-datagram] specifies a QUIC extension to enable sending
and receiving unreliable datagrams over QUIC. Unlike operating
directly over UDP, applications that use the QUIC datagram service do
not need to implement their own congestion control, per [RFC8085], as
QUIC datagrams are congestion controlled.
QUIC datagrams are not flow-controlled, and as such data chunks may
be dropped if the receiver is overloaded. While the reliable
transmission service of QUIC provides a stream-based interface to
send and receive data in order over multiple QUIC streams, the
datagram service has a unordered message-based interface. If needed,
an application layer framing can be used on top to allow separate
flows of unreliable datagrams to be multiplexed on one QUIC
connection.
16. IANA Considerations
This document has no actions for IANA; however, note that Section 8
recommends that application bindings to QUIC for applications using recommends that application bindings to QUIC for applications using
TCP register UDP ports analogous to their existing TCP registrations. TCP register UDP ports analogous to their existing TCP registrations.
14. Security Considerations 17. Security Considerations
See the security considerations in [QUIC] and [QUIC-TLS]; the See the security considerations in [QUIC] and [QUIC-TLS]; the
security considerations for the underlying transport protocol are security considerations for the underlying transport protocol are
relevant for applications using QUIC, as well. Considerations on relevant for applications using QUIC, as well. Considerations on
linkability, replay attacks, and randomness discussed in [QUIC-TLS] linkability, replay attacks, and randomness discussed in [QUIC-TLS]
should be taken into account when deploying and using QUIC. should be taken into account when deploying and using QUIC.
Application developers should note that any fallback they use when Application developers should note that any fallback they use when
QUIC cannot be used due to network blocking of UDP should guarantee QUIC cannot be used due to network blocking of UDP should guarantee
the same security properties as QUIC; if this is not possible, the the same security properties as QUIC; if this is not possible, the
connection should fail to allow the application to explicitly handle connection should fail to allow the application to explicitly handle
fallback to a less-secure alternative. See Section 2. fallback to a less-secure alternative. See Section 2.
Further, [QUIC-HTTP] provides security considerations specific to Further, [QUIC-HTTP] provides security considerations specific to
HTTP. However, discussions such as on cross-protocol attacks, HTTP. However, discussions such as on cross-protocol attacks,
traffic analysis and padding, or migration might be relevant for traffic analysis and padding, or migration might be relevant for
other applications using QUIC as well. other applications using QUIC as well.
15. Contributors 18. Contributors
Igor Lubashev contributed text to Section 9 on server-selected The following people have contributed text to this document:
connection IDs.
16. Acknowledgments * Igor Lubashev
* Mike Bishop
* Martin Thomson
* Lucas Pardue
* Gorry Fairhurst
19. Acknowledgments
Thanks also to Martin Duke, Sean Turner, and Ian Swett for their
reviews.
This work is partially supported by the European Commission under This work is partially supported by the European Commission under
Horizon 2020 grant agreement no. 688421 Measurement and Architecture Horizon 2020 grant agreement no. 688421 Measurement and Architecture
for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat
for Education, Research, and Innovation under contract no. 15.0268. for Education, Research, and Innovation under contract no. 15.0268.
This support does not imply endorsement. This support does not imply endorsement.
17. References 20. References
17.1. Normative References 20.1. Normative References
[QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed [QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
and Secure Transport", Work in Progress, Internet-Draft, and Secure Transport", Work in Progress, Internet-Draft,
draft-ietf-quic-transport-34, 14 January 2021, draft-ietf-quic-transport-34, 14 January 2021,
<https://tools.ietf.org/html/draft-ietf-quic-transport- <https://tools.ietf.org/html/draft-ietf-quic-transport-
34>. 34>.
[QUIC-INVARIANTS] [QUIC-INVARIANTS]
Thomson, M., "Version-Independent Properties of QUIC", Thomson, M., "Version-Independent Properties of QUIC",
Work in Progress, Internet-Draft, draft-ietf-quic- Work in Progress, Internet-Draft, draft-ietf-quic-
skipping to change at page 19, line 38 skipping to change at page 22, line 34
Cheshire, "Internet Assigned Numbers Authority (IANA) Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165, Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011, RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/rfc/rfc6335>. <https://www.rfc-editor.org/rfc/rfc6335>.
[TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/rfc/rfc8446>. <https://www.rfc-editor.org/rfc/rfc8446>.
17.2. Informative References 20.2. Informative References
[Edeline16] [Edeline16]
Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and
B. Donnet, "Using UDP for Internet Transport Evolution B. Donnet, "Using UDP for Internet Transport Evolution
(arXiv preprint 1612.07816)", 22 December 2016, (arXiv preprint 1612.07816)", 22 December 2016,
<https://arxiv.org/abs/1612.07816>. <https://arxiv.org/abs/1612.07816>.
[Hatonen10] [Hatonen10]
Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S., Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S.,
Sarolahti, P., and M. Kojo, "An experimental study of home Sarolahti, P., and M. Kojo, "An experimental study of home
gateway characteristics (Proc. ACM IMC 2010)", October gateway characteristics (Proc. ACM IMC 2010)", October
2010. 2010.
[HTTP-REPLAY] [HTTP-REPLAY]
Thomson, M., Nottingham, M., and W. Tarreau, "Using Early Thomson, M., Nottingham, M., and W. Tarreau, "Using Early
Data in HTTP", RFC 8470, DOI 10.17487/RFC8470, September Data in HTTP", RFC 8470, DOI 10.17487/RFC8470, September
2018, <https://www.rfc-editor.org/rfc/rfc8470>. 2018, <https://www.rfc-editor.org/rfc/rfc8470>.
[I-D.draft-ietf-httpbis-priority]
Oku, K. and L. Pardue, "Extensible Prioritization Scheme
for HTTP", Work in Progress, Internet-Draft, draft-ietf-
httpbis-priority-03, 11 January 2021,
<https://tools.ietf.org/html/draft-ietf-httpbis-priority-
03>.
[I-D.draft-ietf-quic-version-negotiation]
Schinazi, D. and E. Rescorla, "Compatible Version
Negotiation for QUIC", Work in Progress, Internet-Draft,
draft-ietf-quic-version-negotiation-03, 4 February 2021,
<https://tools.ietf.org/html/draft-ietf-quic-version-
negotiation-03>.
[I-D.ietf-quic-datagram]
Pauly, T., Kinnear, E., and D. Schinazi, "An Unreliable
Datagram Extension to QUIC", Work in Progress, Internet-
Draft, draft-ietf-quic-datagram-02, 16 February 2021,
<https://tools.ietf.org/html/draft-ietf-quic-datagram-02>.
[I-D.ietf-taps-arch] [I-D.ietf-taps-arch]
Pauly, T., Trammell, B., Brunstrom, A., Fairhurst, G., Pauly, T., Trammell, B., Brunstrom, A., Fairhurst, G.,
Perkins, C., Tiesel, P. S., and C. A. Wood, "An Perkins, C., Tiesel, P. S., and C. A. Wood, "An
Architecture for Transport Services", Work in Progress, Architecture for Transport Services", Work in Progress,
Internet-Draft, draft-ietf-taps-arch-09, 2 November 2020, Internet-Draft, draft-ietf-taps-arch-09, 2 November 2020,
<https://tools.ietf.org/html/draft-ietf-taps-arch-09>. <https://tools.ietf.org/html/draft-ietf-taps-arch-09>.
[I-D.nottingham-httpbis-retry]
Nottingham, M., "Retrying HTTP Requests", Work in
Progress, Internet-Draft, draft-nottingham-httpbis-retry-
01, 1 February 2017, <https://tools.ietf.org/html/draft-
nottingham-httpbis-retry-01>.
[PaaschNanog] [PaaschNanog]
Paasch, C., "Network Support for TCP Fast Open (NANOG 67 Paasch, C., "Network Support for TCP Fast Open (NANOG 67
presentation)", 13 June 2016, presentation)", 13 June 2016,
<https://www.nanog.org/sites/default/files/ <https://www.nanog.org/sites/default/files/
Paasch_Network_Support.pdf>. Paasch_Network_Support.pdf>.
[QUIC-HTTP] [QUIC-HTTP]
Bishop, M., "Hypertext Transfer Protocol Version 3 Bishop, M., "Hypertext Transfer Protocol Version 3
(HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-
quic-http-34, 2 February 2021, quic-http-34, 2 February 2021,
skipping to change at page 21, line 15 skipping to change at page 24, line 25
[RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P.
Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142,
RFC 5382, DOI 10.17487/RFC5382, October 2008, RFC 5382, DOI 10.17487/RFC5382, October 2008,
<https://www.rfc-editor.org/rfc/rfc5382>. <https://www.rfc-editor.org/rfc/rfc5382>.
[RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan,
"Transport Layer Security (TLS) Application-Layer Protocol "Transport Layer Security (TLS) Application-Layer Protocol
Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
July 2014, <https://www.rfc-editor.org/rfc/rfc7301>. July 2014, <https://www.rfc-editor.org/rfc/rfc7301>.
[RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP
Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014,
<https://www.rfc-editor.org/rfc/rfc7413>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/rfc/rfc8085>. March 2017, <https://www.rfc-editor.org/rfc/rfc8085>.
[Swett16] Swett, I., "QUIC Deployment Experience at Google (IETF96 [Swett16] Swett, I., "QUIC Deployment Experience at Google (IETF96
QUIC BoF presentation)", 20 July 2016, QUIC BoF presentation)", 20 July 2016,
<https://www.ietf.org/proceedings/96/slides/slides-96- <https://www.ietf.org/proceedings/96/slides/slides-96-
quic-3.pdf>. quic-3.pdf>.
[Trammell16] [Trammell16]
 End of changes. 50 change blocks. 
148 lines changed or deleted 296 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/