Supporting version 2 and the new negotiation

kazu-yamamoto / quic

IETF QUIC library in Haskell

BSD 3-Clause "New" or "Revised" License

91 stars 13 forks source link

Supporting version 2 and the new negotiation #19

Closed kazu-yamamoto closed 2 years ago

kazu-yamamoto commented 2 years ago

This replaces Section 6 of RFC 9000.

kazu-yamamoto commented 2 years ago

Encryption keys are version specific. If a greasing version is used, its encryption key is unknown to the peer. Note that the version field in the long header is always plain without header protection.

Scenario 1 (compatible nego)

Both endpoints support both v2 and the new nego.

C: Initial: ver=1, version_information = 1, {2, 1}
S: Initial: ver=2, Handshake: version_information = 2, {2, 1}
C: Handshake: ver=2

Scenario 2 (incompatible nego)

Both endpoints support both v2 and the new nego.

C: Initial: ver=greasing, version_information = greasing, {2, 1, greasing}
S: VN: ver=0, {1, 2}
C: Initial: ver=2, version_information = 2, {2, 1}
S: Initial: ver=2, Handshake: version_information = 2, {2, 1}
C: Handshake: ver=2

Scenario 3

A server supports RFC9000 only.

C: Initial: ver=1, version_information = 1, {2, 1}
S: Initial: ver=1, Handshake
C: Handshake: ver=1

Scenario 4 (nego failed).

A server supports RFC9000 only.

C: Initial: ver=greasing, version_information = greasing, {2, 1, greasing}
S: VN: ver=0, {1}
C: Initial: ver=1, version_information = 1, {1}
S: Initial: ver=1, Handshake
C: Handshake: CC

The client sent CC because version_information is missing.

kazu-yamamoto commented 2 years ago

todo for compatible negotiation:

[x] Client: send version_information
[x] Server: set version and initial key to v2 if the first Initial can be decrypted and v2 is found in version_information
[x] Server: send version_information
[x] Client: set version and initial key to v2 if the version of the first Initial is v2
[x] Client: ignore VN if the original version is included in VN
[x] If version_information is broken, send TRANSPORT_PARAMETER_ERROR
[x] Client: after VN: send VERSION_NEGOTIATION_ERROR if version_information is missing
[x] Client: after VN: send VERSION_NEGOTIATION_ERROR if version_information validation fails

kazu-yamamoto commented 2 years ago

[x] Client: allow version change only once
[x] Client: check Chosen Version (https://github.com/quicwg/version-negotiation/issues/72, https://github.com/quicwg/version-negotiation/issues/73)
[x] Server: set version_information TP dynamically (https://github.com/quicwg/version-negotiation/issues/74)
[x] Sending TRANSPORT_PARAMETER_ERROR if v0 is included.

kazu-yamamoto commented 2 years ago

Call for discussion:

[x] Client: if VN and version_information does not exist, it should be treated as 1, [1].
[x] 0RTT: use v1 even if v2 is negotiated.

kazu-yamamoto commented 2 years ago

Done via #24.