draft-ietf-quic-applicability-02.txt   draft-ietf-quic-applicability-03.txt 
Network Working Group M. Kuehlewind Network Working Group M. Kuehlewind
Internet-Draft B. Trammell Internet-Draft B. Trammell
Intended status: Informational ETH Zurich Intended status: Informational ETH Zurich
Expires: January 3, 2019 July 02, 2018 Expires: April 25, 2019 October 22, 2018
Applicability of the QUIC Transport Protocol Applicability of the QUIC Transport Protocol
draft-ietf-quic-applicability-02 draft-ietf-quic-applicability-03
Abstract Abstract
This document discusses the applicability of the QUIC transport This document discusses the applicability of the QUIC transport
protocol, focusing on caveats impacting application protocol protocol, focusing on caveats impacting application protocol
development and deployment over QUIC. Its intended audience is development and deployment over QUIC. Its intended audience is
designers of application protocol mappings to QUIC, and implementors designers of application protocol mappings to QUIC, and implementors
of these application protocols. of these application protocols.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019. This Internet-Draft will expire on April 25, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3 2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3
3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4 3.1. Thinking in Zero RTT . . . . . . . . . . . . . . . . . . 4
3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4 3.2. Here There Be Dragons . . . . . . . . . . . . . . . . . . 4
3.3. Session resumption versus Keep-alive . . . . . . . . . . 4 3.3. Session resumption versus Keep-alive . . . . . . . . . . 4
4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 4 4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 5 4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 6
4.2. Packetization and latency . . . . . . . . . . . . . . . . 6 4.2. Packetization and latency . . . . . . . . . . . . . . . . 7
4.3. Prioritization . . . . . . . . . . . . . . . . . . . . . 6 4.3. Prioritization . . . . . . . . . . . . . . . . . . . . . 7
5. Graceful connection closure . . . . . . . . . . . . . . . . . 6 5. Port Selection . . . . . . . . . . . . . . . . . . . . . . . 8
6. Information exposure and the Connection ID . . . . . . . . . 7 6. Graceful connection closure . . . . . . . . . . . . . . . . . 8
6.1. Server-Generated Connection ID . . . . . . . . . . . . . 7 7. Information exposure and the Connection ID . . . . . . . . . 8
6.2. Using Server Retry for Redirection . . . . . . . . . . . 8 7.1. Server-Generated Connection ID . . . . . . . . . . . . . 9
7. Use of Versions and Cryptographic Handshake . . . . . . . . . 8 7.2. Mitigating Timing Linkability with Connection ID
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 Migration . . . . . . . . . . . . . . . . . . . . . . . . 9
9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7.3. Using Server Retry for Redirection . . . . . . . . . . . 9
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9 8. Use of Versions and Cryptographic Handshake . . . . . . . . . 10
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 10. Security Considerations . . . . . . . . . . . . . . . . . . . 10
12.1. Normative References . . . . . . . . . . . . . . . . . . 9 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10
12.2. Informative References . . . . . . . . . . . . . . . . . 9 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
13.1. Normative References . . . . . . . . . . . . . . . . . . 11
13.2. Informative References . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
QUIC [QUIC] is a new transport protocol currently under development QUIC [QUIC] is a new transport protocol currently under development
in the IETF quic working group, focusing on support of semantics as in the IETF quic working group, focusing on support of semantics as
needed for HTTP/2 [QUIC-HTTP] such as stream-multiplexing to avoid needed for HTTP/2 [QUIC-HTTP] such as stream-multiplexing to avoid
head-of-line blocking. Based on current deployment practices, QUIC head-of-line blocking. Based on current deployment practices, QUIC
is encapsulated in UDP. The version of QUIC that is currently under is encapsulated in UDP. The version of QUIC that is currently under
development will integrate TLS 1.3 [TLS13] to encrypt all payload development will integrate TLS 1.3 [TLS13] to encrypt all payload
data and most control information. data and most control information.
skipping to change at page 3, line 50 skipping to change at page 4, line 7
payload data. payload data.
Moreover, while encryption (in this case TLS) is inseparably Moreover, while encryption (in this case TLS) is inseparably
integrated with QUIC, TLS negotiation over TCP can be blocked. In integrated with QUIC, TLS negotiation over TCP can be blocked. In
case it is RECOMMENDED to abort the connection, allowing the case it is RECOMMENDED to abort the connection, allowing the
application to present a suitable prompt to the user that secure application to present a suitable prompt to the user that secure
communication is unavailable. communication is unavailable.
3. Zero RTT 3. Zero RTT
QUIC provides for 0-RTT connection establishment (see section 3.2 of QUIC provides for 0-RTT connection establishment. This presents
[QUIC]). This presents opportunities and challenges for applications opportunities and challenges for applications using QUIC.
using QUIC.
3.1. Thinking in Zero RTT 3.1. Thinking in Zero RTT
A transport protocol that provides 0-RTT connection establishment to A transport protocol that provides 0-RTT connection establishment to
recently contacted servers is qualitatively different than one that recently contacted servers is qualitatively different than one that
does not from the point of view of the application using it. does not from the point of view of the application using it.
Relative trade-offs between the cost of closing and reopening a Relative trade-offs between the cost of closing and reopening a
connection and trying to keep it open are different; see Section 3.3. connection and trying to keep it open are different; see Section 3.3.
Applications must be slightly rethought in order to make best use of Applications must be slightly rethought in order to make best use of
skipping to change at page 4, line 30 skipping to change at page 4, line 35
3.2. Here There Be Dragons 3.2. Here There Be Dragons
Retransmission or (malicious) replay of data contained in 0-RTT Retransmission or (malicious) replay of data contained in 0-RTT
resumption packets could cause the server side to receive two copies resumption packets could cause the server side to receive two copies
of the same data. This is further described in [HTTP-RETRY]. Data of the same data. This is further described in [HTTP-RETRY]. Data
sent during 0-RTT resumption also cannot benefit from perfect forward sent during 0-RTT resumption also cannot benefit from perfect forward
secrecy (PFS). secrecy (PFS).
Data in the first flight sent by the client in a connection Data in the first flight sent by the client in a connection
established with 0-RTT MUST be idempotent (as specified in section established with 0-RTT MUST be idempotent (as specified in section
3.2 in [QUIC-TLS]). Applications MUST be designed, and their data 2.1 in [QUIC-TLS]). Applications MUST be designed, and their data
MUST be framed, such that multiple reception of idempotent data is MUST be framed, such that multiple reception of idempotent data is
recognized as such by the receiverApplications that cannot treat data recognized as such by the receiverApplications that cannot treat data
that may appear in a 0-RTT connection establishment as idempotent that may appear in a 0-RTT connection establishment as idempotent
MUST NOT use 0-RTT establishment. For this reason the QUIC transport MUST NOT use 0-RTT establishment. For this reason the QUIC transport
SHOULD provide an interface for the application to indicate if 0-RTT SHOULD provide an interface for the application to indicate if 0-RTT
support is in general desired or a way to indicate whether data is support is in general desired or a way to indicate whether data is
idempotent, and/or whether PFS is a hard requirement for the idempotent, and/or whether PFS is a hard requirement for the
application. application.
3.3. Session resumption versus Keep-alive 3.3. Session resumption versus Keep-alive
[EDITOR'S NOTE: see https://github.com/quicwg/ops-drafts/issues/6] Because QUIC is encapsulated in UDP, applications using QUIC must
deal with short idle timeouts. Deployed stateful middleboxes will
generally establish state for UDP flows on the first packet state,
and keep state for much shorter idle periods than for TCP. According
to a 2010 study ([Hatonen10]), UDP applications can assume that any
NAT binding or other state entry will be expired after just thirty
seconds of inactivity.
A QUIC application has three strategies to deal with this issue:
o Ignore it, if the application-layer protocol consists only of
interactions with no or very short idle periods.
o Ensure there are no long idle periods.
o Resume the session after a long idle period, using 0-RTT
resumption when appropriate.
The first strategy is the easiest, but it only applies to certain
applications.
Either the server or the client in a QUIC application can send PING
frames as keep-alives, to prevent the connection and any on-path
state from timing out. Recommendations for the use of keep-alives
are application specific, mainly depending on the latency
requirements and message frequency of the application. In this case,
the application mapping must specify whether the client or server is
responsible for keeping the application alive. Note that sending
PING frames more frequently than every 30 seconds over long idle
periods may result in a too much unproductive traffic and power usage
for some situations.
Alternatively, the client (but not the server) can use session
resumption instead of sending keepalive traffic. In this case, a
client that wants to send data to a server over a connection idle
longer than the server's idle timeout (available from the
idle_timeout transport parameter) can simply reconnect. When
possible, this reconnection can use 0-RTT session resumption,
reducing the latency involved with restarting the connection. This
of course only applies in cases in which 0-RTT data is safe, when the
client is the restarting peer, and when the data to be sent is
idempotent.
The tradeoffs between resumption and keepalive need to be evaluated
on a per-application basis. However, in general applications should
use keepalives only in circumstances where continued communication is
highly likely; [QUIC-HTTP], for instance, recommends using PING
frames for keepalive only when a request is outstanding.
4. Use of Streams 4. Use of Streams
QUIC's stream multiplexing feature allows applications to run QUIC's stream multiplexing feature allows applications to run
multiple streams over a single connection, without head-of-line multiple streams over a single connection, without head-of-line
blocking between streams, associated at a point in time with a single blocking between streams, associated at a point in time with a single
five-tuple. Stream data is carried within Frames, where one (UDP) five-tuple. Stream data is carried within Frames, where one (UDP)
packet on the wire can carry one of multiple stream frames. packet on the wire can carry one of multiple stream frames.
Stream can be independently open and closed, gracefully or by error. Stream can be independently open and closed, gracefully or by error.
If a critical stream for the application is closed, the application If a critical stream for the application is closed, the application
can generate respective error messages on the application layer to can generate respective error messages on the application layer to
inform the other end or the higher layer and eventually indicate quic inform the other end or the higher layer and eventually indicate QUIC
to reset the connection. QUIC, however, does not need to know which to reset the connection. QUIC, however, does not need to know which
streams are critical, and does not provide an interface to streams are critical, and does not provide an interface to
exceptional handling of any stream. There are special streams in exceptional handling of any stream. There are special streams in
QUIC that are used for control on the QUIC connection, however, these QUIC that are used for control on the QUIC connection, however, these
streams are not exposed to the application. streams are not exposed to the application.
Mapping of application data to streams is application-specific and Mapping of application data to streams is application-specific and
described for HTTP/s in [QUIC-HTTP]. In general data that can be described for HTTP/s in [QUIC-HTTP]. In general data that can be
processed independently, and therefore would suffer from head of line processed independently, and therefore would suffer from head of line
blocking, if forced to be received in order, should be transmitted blocking, if forced to be received in order, should be transmitted
skipping to change at page 5, line 48 skipping to change at page 7, line 7
Streams are meaningful only to the application; since stream Streams are meaningful only to the application; since stream
information is carried inside QUIC's encryption boundary, no information is carried inside QUIC's encryption boundary, no
information about the stream(s) whose frames are carried by a given information about the stream(s) whose frames are carried by a given
packet is visible to the network. Therefore stream multiplexing is packet is visible to the network. Therefore stream multiplexing is
not intended to be used for differentiating streams in terms of not intended to be used for differentiating streams in terms of
network treatment. Application traffic requiring different network network treatment. Application traffic requiring different network
treatment SHOULD therefore be carried over different five-tuples treatment SHOULD therefore be carried over different five-tuples
(i.e. multiple QUIC connections). Given QUIC's ability to send (i.e. multiple QUIC connections). Given QUIC's ability to send
application data in the first RTT of a connection (if a previous application data in the first RTT of a connection (if a previous
connection to the same host has been successfully established to connection to the same host has been successfully established to
provide the respective credentials), the cost for establishing provide the respective credentials), the cost of establishing another
another connection are extremely low. connection is extremely low.
4.2. Packetization and latency 4.2. Packetization and latency
Quic provides an interface that provides multiple streams to the QUIC provides an interface that provides multiple streams to the
application, however, the application usually doesn't have control application; however, the application usually cannot control how data
how the data transmitted over one stream is mapped into frame and how transmitted over one stream is mapped into frames or how those frames
frames are bundled into packets. By default QUIC will try to are bundled into packets. By default, QUIC will try to maximally
maximally pack packets to minimize bandwidth consumption and pack packets with one or more stream data frames to minimize
computational costs with one or multiple same data frames. If not bandwidth consumption and computational costs (see section 8 of
enough data available to send QUIC may even wait for a short time, [QUIC]). If there is not enough data available to fill a packet,
trading of latency and bandwidth efficiency. This time might either QUIC may even wait for a short time, to optimize bandwidth efficiency
be pre-configured or can the dynamically adjusted based on the instead of latency. This delay can either be pre-configured or
observed sending pattern of the application. If the application dynamically adjusted based on the observed sending pattern of the
requires low latency, with only small chunks of data to send, it may application. If the application requires low latency, with only
be valuable to indicate to QUIC that all data should be send out small chunks of data to send, it may be valuable to indicate to QUIC
immediately. Or if a certain sending pattern is know by the that all data should be send out immediately. Alternatively, if the
application, it might also provide valuable guidance to QUIC how long application expects to use a specific sending pattern, it can also
it should wait to bundle frame into a packet. provide a suggested delay to QUIC for how long to wait before bundle
frames into a packet.
4.3. Prioritization 4.3. Prioritization
Stream prioritization is not exposed to the network, nor to the Stream prioritization is not exposed to either the network or the
receiver. Prioritization can be realized by the sender and the QUIC receiver. Prioritization is managed by the sender, and the QUIC
transport should provide an interface for applications to prioritize transport should provide an interface for applications to prioritize
streams [QUIC]. Further applications can implement their own streams [QUIC]. Further applications can implement their own
prioritization scheme on top of QUIC: (an application) protocol that prioritization scheme on top of QUIC: an application protocol that
runs on top of QUIC can define explicit messages for signaling runs on top of QUIC can define explicit messages for signaling
priority, such as those defined for HTTP/2; it can define rules that priority, such as those defined for HTTP/2; it can define rules that
allow an endpoint to determine priority based on context; or it can allow an endpoint to determine priority based on context; or it can
provide a higher level interface and leave the determination to the provide a higher level interface and leave the determination to the
application on top. application on top.
Priority handling of retransmissions can be implemented by the sender Priority handling of retransmissions can be implemented by the sender
in the transport layer. [QUIC] recommends to retransmit lost data in the transport layer. [QUIC] recommends to retransmit lost data
before new data, unless indicated differently by the application. before new data, unless indicated differently by the application.
Currently QUIC only provides fully reliable stream transmission, and Currently, QUIC only provides fully reliable stream transmission,
as such prioritization of retransmissions likely beneficial in most which means that prioritization of retransmissions will be beneficial
cases, as gaps that get filled up and thereby free up flow control. in most cases, by filling in gaps and freeing up the flow control
For not fully reliable streams priority scheduling of retransmissions window. For partially reliable or unreliable streams, priority
over data of higher-priority streams might not be desired. In this scheduling of retransmissions over data of higher-priority streams
case QUIC could also provide an interface or derive the might not be desirable. For such streams, QUIC could either provide
an explicit interface to control prioritization, or derive the
prioritization decision from the reliability level of the stream. prioritization decision from the reliability level of the stream.
5. Graceful connection closure 5. Port Selection
As QUIC is a general purpose transport protocol, there are no
requirements that servers use a particular UDP port for QUIC in
general. Instead, the same port number is used as would be used for
the same application over TCP. In the case of HTTP the expectation
is that port 443 is used, which has already been registered for "http
protocol over TLS/SSL". However, [QUIC-HTTP] also specifies the use
of Alt-Svc for HTTP/QUIC discovery which allows the server to use and
announce a different port number.
In general, port numbers serves two purposes: "first, they provide a
demultiplexing identifier to differentiate transport sessions between
the same pair of endpoints, and second, they may also identify the
application protocol and associated service to which processes
connect" [RFC6335]. Note that the assumption that an application can
be identified in the network based on the port number is less true
today, due to encapsulation, mechanisms for dynamic port assignments
as well as NATs.
However, whenever a non-standard port is used which does not enable
easy mapping to a registered service name, this can lead to blocking
by network elements such as firewalls that rely on the port number as
a first order of filtering.
6. Graceful connection closure
[EDITOR'S NOTE: give some guidance here about the steps an [EDITOR'S NOTE: give some guidance here about the steps an
application should take; however this is still work in progress] application should take; however this is still work in progress]
6. Information exposure and the Connection ID 7. Information exposure and the Connection ID
QUIC exposes some information to the network in the unencrypted part QUIC exposes some information to the network in the unencrypted part
of the header, either before the encryption context is established, of the header, either before the encryption context is established,
because the information is intended to be used by the network. QUIC because the information is intended to be used by the network. QUIC
has a long header that is used during connection establishment and has a long header that is used during connection establishment and
for other control processes, and a short header that may be used for for other control processes, and a short header that may be used for
data transmission in an established connection. While the long data transmission in an established connection. While the long
header is fixed and exposes some information, the short header only header always exposes some information (such as the version and
exposes the packet number by default and may optionally expose a Connection IDs), the short header exposes at most only a single
connection ID. Connection ID.
Given that exposing this information may make it possible to
associate multiple addresses with a single client during rebinding,
which has privacy implications, an application may indicate to not
support exposure of certain information after the handshake.
Specifically, an application that has additional information that the
client is not behind a NAT and the server is not behind a load
balancer, and therefore it is unlikely that the addresses will be re-
bound, may indicate to the transport that is wishes to not expose a
connection ID.
6.1. Server-Generated Connection ID 7.1. Server-Generated Connection ID
QUIC supports a server-generated Connection ID, transmitted to the QUIC supports a server-generated Connection ID, transmitted to the
client during connection establishment: see Section 5.7 of [QUIC]. client during connection establishment (see Section 6.1 of [QUIC]).
Servers behind load balancers should propose a Connection ID during Servers behind load balancers may need to propose a Connection ID
the handshake, encoding the identity of the server or information during the handshake, encoding the identity of the server or
about its load balancing pool, in order to support stateless load information about its load balancing pool, in order to support
balancing. Once the server generates a Connection ID that encodes stateless load balancing. Once the server generates a Connection ID
its identity, every CDN load balancer would be able to forward the that encodes its identity, every CDN load balancer would be able to
packets to that server without needing information about every forward the packets to that server without retaining connection
specific flow it is forwarding. state.
Server-generated Connection IDs must not encode any information other Server-generated connection IDs should seek to obscure any encoding,
that that needed to route packets to the appropriate backend of routing identities or any other information. Exposing the server
server(s): typically the identity of the backend server or pool of mapping would allow linkage of multiple IP addresses to the same host
servers, if the data-center's load balancing system keeps "local" if the server also supports migration. Furthermore, this opens an
state of all flows itself. Care must be exercised to ensure that the attack vector on specific servers or pools.
information encoded in the Connection ID is not sufficient to
identify unique end users. Note that by encoding routing information
in the Connection ID, load balancers open up a new attack vector that
allows bad actors to direct traffic at a specific backend server or
pool. It is therefore recommended that Server-Generated Connection
ID includes a cryptographic MAC that the load balancer pool server is
able to identify and discard packets featuring an invalid MAC.
6.2. Using Server Retry for Redirection The best way to obscure an encoding is to appear random to observers,
which is most rigorously achieved with encryption.
7.2. Mitigating Timing Linkability with Connection ID Migration
While sufficiently robust connection ID generation schemes will
mitigate linkability issues, they do not provide full protection.
Analysis of the lifetimes of six-tuples (source and destination
addresses as well as the migrated CID) may expose these links anyway.
In the limit where connection migration in a server pool is rare, it
is trivial for an observer to associate two connection IDs.
Conversely, in the opposite limit where every server handles multiple
simultaneous migrations, even an exposed server mapping may be
insufficient information.
The most efficient mitigation for these attacks is operational,
either by using a load balancing architecture that loads more flows
onto a single server-side address, by coordinating the timing of
migrations to attempt to increase the number of simultaneous
migrations at a given time, or through other means.
7.3. Using Server Retry for Redirection
QUIC provides a Server Retry packet that can be sent by a server in QUIC provides a Server Retry packet that can be sent by a server in
response to the Client Initial packet. The server may choose a new response to the Client Initial packet. The server may choose a new
connection ID in that packet and the client will retry by sending Connection ID in that packet and the client will retry by sending
another Client Initial packet with the server-selected connection ID. another Client Initial packet with the server-selected Connection ID.
This mechanism can be used to redirect a connection to a different This mechanism can be used to redirect a connection to a different
server, e.g. due to performance reasons or when servers in a server server, e.g. due to performance reasons or when servers in a server
pool are upgraded gradually, and therefore may support different pool are upgraded gradually, and therefore may support different
versions of QUIC. In this case, it is assumed that all servers versions of QUIC. In this case, it is assumed that all servers
belonging to a certain pool are served in cooperation with load belonging to a certain pool are served in cooperation with load
balancers that forward the traffic based on the connection ID. A balancers that forward the traffic based on the Connection ID. A
server can chose the connection ID in the Server Retry packet such server can choose the Connection ID in the Server Retry packet such
that the load balancer will redirect the next Client Initial packet that the load balancer will redirect the next Client Initial packet
to a different server in that pool. to a different server in that pool.
7. Use of Versions and Cryptographic Handshake 8. Use of Versions and Cryptographic Handshake
Versioning in QUIC may change the protocol's behavior completely, Versioning in QUIC may change the protocol's behavior completely,
except for the meaning of a few header fields that have been declared except for the meaning of a few header fields that have been declared
to be fixed. As such version of QUIC with a higher version number to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher
does not necessarily provide a better service, but might simply version number will not necessarily provide a better service, but
provide a very different service, so an application needs to be able might simply provide a different feature set. As such, an
to select which versions of QUIC it wants to use. application needs to be able to select which versions of QUIC it
wants to use.
A new version could use an encryption scheme other than TLS 1.3 or A new version could use an encryption scheme other than TLS 1.3 or
higher. [QUIC] specifies requirements for the cryptographic higher. [QUIC] specifies requirements for the cryptographic
handshake as currently realized by TLS 1.3 and described in a handshake as currently realized by TLS 1.3 and described in a
separate specification [QUIC-TLS]. This split is performed to enable separate specification [QUIC-TLS]. This split is performed to enable
light-weight versioning with different cryptographic handshakes. light-weight versioning with different cryptographic handshakes.
8. IANA Considerations 9. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
9. Security Considerations 10. Security Considerations
See the security considerations in [QUIC] and [QUIC-TLS]; the See the security considerations in [QUIC] and [QUIC-TLS]; the
security considerations for the underlying transport protocol are security considerations for the underlying transport protocol are
relevant for applications using QUIC, as well. relevant for applications using QUIC, as well.
Application developers should note that any fallback they use when Application developers should note that any fallback they use when
QUIC cannot be used due to network blocking of UDP SHOULD guarantee QUIC cannot be used due to network blocking of UDP SHOULD guarantee
the same security properties as QUIC; if this is not possible, the the same security properties as QUIC; if this is not possible, the
connection SHOULD fail to allow the application to explicitly handle connection SHOULD fail to allow the application to explicitly handle
fallback to a less-secure alternative. See Section 2. fallback to a less-secure alternative. See Section 2.
10. Contributors 11. Contributors
Igor Lubashev contributed text to Section 6 on server-selected Igor Lubashev contributed text to Section 7 on server-selected
connection IDs. Connection IDs.
11. Acknowledgments 12. Acknowledgments
This work is partially supported by the European Commission under This work is partially supported by the European Commission under
Horizon 2020 grant agreement no. 688421 Measurement and Architecture Horizon 2020 grant agreement no. 688421 Measurement and Architecture
for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat
for Education, Research, and Innovation under contract no. 15.0268. for Education, Research, and Innovation under contract no. 15.0268.
This support does not imply endorsement. This support does not imply endorsement.
12. References 13. References
12.1. Normative References 13.1. Normative References
[QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed [QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
and Secure Transport", draft-ietf-quic-transport-13 (work and Secure Transport", draft-ietf-quic-transport-15 (work
in progress), June 2018. in progress), October 2018.
[QUIC-INVARIANTS]
Thomson, M., "Version-Independent Properties of QUIC",
draft-ietf-quic-invariants-03 (work in progress), October
2018.
[QUIC-TLS] [QUIC-TLS]
Thomson, M. and S. Turner, "Using Transport Layer Security Thomson, M. and S. Turner, "Using Transport Layer Security
(TLS) to Secure QUIC", draft-ietf-quic-tls-13 (work in (TLS) to Secure QUIC", draft-ietf-quic-tls-15 (work in
progress), June 2018. progress), October 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119,
RFC2119, March 1997, <https://www.rfc-editor.org/info/ DOI 10.17487/RFC2119, March 1997,
rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>.
[TLS13] Thomson, M. and S. Turner, "Using Transport Layer Security [TLS13] Thomson, M. and S. Turner, "Using Transport Layer Security
(TLS) to Secure QUIC", draft-ietf-quic-tls-13 (work in (TLS) to Secure QUIC", draft-ietf-quic-tls-15 (work in
progress), June 2018. progress), October 2018.
12.2. Informative References 13.2. Informative References
[Edeline16] [Edeline16]
Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and
B. Donnet, "Using UDP for Internet Transport Evolution B. Donnet, "Using UDP for Internet Transport Evolution
(arXiv preprint 1612.07816)", December 2016, (arXiv preprint 1612.07816)", December 2016,
<https://arxiv.org/abs/1612.07816>. <https://arxiv.org/abs/1612.07816>.
[Hatonen10]
Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S.,
Sarolahti, P., and M. Kojo, "An experimental study of home
gateway characteristics (Proc. ACM IMC 2010)", October
2010.
[HTTP-RETRY] [HTTP-RETRY]
Nottingham, M., "Retrying HTTP Requests", draft- Nottingham, M., "Retrying HTTP Requests", draft-
nottingham-httpbis-retry-01 (work in progress), February nottingham-httpbis-retry-01 (work in progress), February
2017. 2017.
[I-D.nottingham-httpbis-retry] [I-D.nottingham-httpbis-retry]
Nottingham, M., "Retrying HTTP Requests", draft- Nottingham, M., "Retrying HTTP Requests", draft-
nottingham-httpbis-retry-01 (work in progress), February nottingham-httpbis-retry-01 (work in progress), February
2017. 2017.
[PaaschNanog] [PaaschNanog]
Paasch, C., "Network Support for TCP Fast Open (NANOG 67 Paasch, C., "Network Support for TCP Fast Open (NANOG 67
presentation)", June 2016, presentation)", June 2016,
<https://www.nanog.org/sites/default/files/ <https://www.nanog.org/sites/default/files/
Paasch_Network_Support.pdf>. Paasch_Network_Support.pdf>.
[QUIC-HTTP] [QUIC-HTTP]
Bishop, M., "Hypertext Transfer Protocol (HTTP) over Bishop, M., "Hypertext Transfer Protocol (HTTP) over
QUIC", draft-ietf-quic-http-13 (work in progress), June QUIC", draft-ietf-quic-http-15 (work in progress), October
2018. 2018.
[Swett16] Swett, I., "QUIC Deployment Experience at Google (IETF96 [Swett16] Swett, I., "QUIC Deployment Experience at Google (IETF96
QUIC BoF presentation)", July 2016, QUIC BoF presentation)", July 2016,
<https://www.ietf.org/proceedings/96/slides/slides-96- <https://www.ietf.org/proceedings/96/slides/
quic-3.pdf>. slides-96-quic-3.pdf>.
[Trammell16] [Trammell16]
Trammell, B. and M. Kuehlewind, "Internet Path Trammell, B. and M. Kuehlewind, "Internet Path
Transparency Measurements using RIPE Atlas (RIPE72 MAT Transparency Measurements using RIPE Atlas (RIPE72 MAT
presentation)", May 2016, <https://ripe72.ripe.net/wp- presentation)", May 2016, <https://ripe72.ripe.net/wp-
content/uploads/presentations/86-atlas-udpdiff.pdf>. content/uploads/presentations/86-atlas-udpdiff.pdf>.
Authors' Addresses Authors' Addresses
Mirja Kuehlewind Mirja Kuehlewind
 End of changes. 42 change blocks. 
122 lines changed or deleted 222 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/