]> Greasing the QUIC Bit Mozilla
mt@lowentropy.net
TSV quic Internet-Draft This document describes a method for negotiating the ability to send an arbitrary value for the second-to-most significant bit in QUIC packets. Discussion Venues Discussion of this document takes place on the QUIC Working Group mailing list (quic@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/quic/. Source for this draft and an issue tracker can be found at https://github.com/quicwg/quic-bit-grease.
Introduction QUIC intentionally describes a very narrow set of fields that are visible to entities other than endpoints. Beyond those characteristics that are defined as invariant , very little about the "wire image" of QUIC is visible. The second-to-most significant bit of the first byte in every QUIC packet is defined as having a fixed value in QUIC version 1 . The purpose of having a fixed value is to allow QUIC to be efficiently distinguished from other protocols; see for a description of a system that might use this property. As this bit can identify a packet as QUIC, it is sometimes referred to as the "QUIC Bit". Where endpoints and the intermediaries that support them do not depend on the QUIC Bit having a fixed value, sending the same value in every packet is more of liability than an asset. If systems come to depend on a fixed value, then it might become infeasible to define a version of QUIC that attributes semantics to this bit. In order to safeguard future use of this bit, this document defines a QUIC transport parameter that indicates that an endpoint is willing to receive QUIC packets containing any value for this bit. By sending different values for this bit, the hope is that the value will remain available for future use .
Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses terms and notational conventions from .
The Grease QUIC Bit Transport Parameter The grease_quic_bit transport parameter (0x2ab2) can be sent by both client and server. The transport parameter is sent with an empty value; an endpoint that understands this transport parameter MUST treat receipt of a non-empty value as a connection error of type TRANSPORT_PARAMETER_ERROR. Advertising the grease_quic_bit transport parameter indicates that packets sent to this endpoint MAY set a value of 0 for the QUIC Bit. The QUIC Bit is defined as the second-to-most significant bit of the first byte of QUIC packets (that is, the value 0x40). A server MUST respect the value it previously provided for the grease_quic_bit transport parameter if it accepts 0-RTT. A client MAY forget the value. In all other cases, only the presence or absence of the transport parameter in the current handshake is used to determine what values can be sent in the QUIC Bit.
Clearing the QUIC Bit Endpoints that receive the grease_quic_bit transport parameter from a peer MAY set the QUIC Bit to any value in packets they send to that peer. Endpoints SHOULD set the QUIC Bit to an unpredictable value unless another extension assigns specific meaning to the value of the bit. All packets sent after receiving and processing transport parameters might be affected, including Initial, Handshake, and Retry packets. A client MAY also clear the QUIC Bit in Initial, Handshake, or 0-RTT packets that are sent prior to receiving transport parameters from the server. However, a client MUST NOT clear the QUIC Bit unless the Initial packets it sends include a token provided by the server in a NEW_TOKEN frame (), received less than 604800 seconds (7 days) prior on a connection where the server also included the grease_quic_bit transport parameter. A server MUST clear the QUIC bit only after processing transport parameters from a client. A server cannot remember that a client negotiated the extension in a previous connection and clear the QUIC Bit based on that information. An endpoint cannot clear the QUIC Bit without knowing whether the peer supports the extension. As Stateless Reset packets () are only used after a loss of connection state, endpoints are unlikely to be able to clear the QUIC Bit on Stateless Reset packets.
Using the QUIC Bit The purpose of this extension is to allow for the use of the QUIC Bit by later extensions. Extensions to QUIC that define semantics for the QUIC Bit can be negotiated at the same time as the grease_quic_bit transport parameter. In this case, a recipient needs to be able to distinguish a randomized value from a value carrying information according to the extension. Extensions that use the QUIC Bit MUST negotiate their use prior to acting on any semantic. For example, an extension might define a transport parameter that is sent in addition to the grease_quic_bit transport parameter. Though the value of the QUIC Bit in packets received by a peer might be set according to rules defined by the extension, they might also be randomized as specified in this document. Receiving a transport parameter for an extension that uses the QUIC Bit could be used to confirm that a peer supports the semantic defined in the extension. To avoid acting on a randomized signal, the extension can require that endpoints set the QUIC Bit according to the rules of the extension, but defer acting on the information conveyed until the transport parameter for the extension is received. Extensions that define semantics for the QUIC Bit can be negotiated without using the grease_quic_bit transport parameter. However, including both extensions allows for the QUIC Bit to be greased even if the alternative use is not supported.
Security Considerations This document introduces no new security considerations for endpoints or entities that can rely on endpoint cooperation. However, this change makes the task of identifying QUIC more difficult without cooperation of endpoints. This sometimes works counter to the security goals of network operators who rely on network classification to identify threats.
IANA Considerations This document registers the grease_quic_bit transport parameter in the "QUIC Transport Parameters" registry established in Section 22.2 of . The following fields are registered:
Value:
0x2ab2
Parameter Name:
grease_quic_bit
Status:
Permanent
Specification:
This document.
Date:
Date of registration.
Contact:
QUIC Working Group (quic@ietf.org)
Change Controller:
IETF (iesg@ietf.org)
Notes:
(none)
References Normative References QUIC: A UDP-Based Multiplexed and Secure Transport This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Version-Independent Properties of QUIC This document defines the properties of the QUIC transport protocol that are common to all versions of the protocol. The Wire Image of a Network Protocol This document defines the wire image, an abstraction of the information available to an on-path non-participant in a networking protocol. This abstraction is intended to shed light on the implications that increased encryption has for network functions that use the wire image. Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS) This document defines how Datagram Transport Layer Security (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using Relays around NAT (TURN), and ZRTP packets are multiplexed on a single receiving socket. It overrides the guidance from RFC 5764 ("SRTP Extension for DTLS"), which suffered from four issues described and fixed in this document. This document updates RFC 5764. Long-Term Viability of Protocol Extension Mechanisms The ability to change protocols depends on exercising the extension and version-negotiation mechanisms that support change. This document explores how regular use of new protocol features can ensure that it remains possible to deploy changes to a protocol. Examples are given where lack of use caused changes to be more difficult or costly.