From 99946d15e0102c2c344e7d603fc4fa63122fae73 Mon Sep 17 00:00:00 2001 From: Jana Iyengar Date: Wed, 11 Jan 2017 23:10:11 -0800 Subject: [PATCH 1/3] Change text that describes version negotiation in terms of crypto keys. --- draft-ietf-quic-transport.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 760091fac7..e0925ada0b 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -411,8 +411,7 @@ have the VERSION bit set. This bit is always set on packets that are sent prior to connection establishment. When receiving a packet that is not associated with an existing connection, packets without a VERSION bit MUST be discarded. -While there might be similarities between different versions of this protocol, -implementations have to assume that a version that it does not support uses a +Implementations have to assume that a version that it does not support uses a different packet format. Between different versions the following things are guaranteed to remain 
@@ -629,10 +628,10 @@ QUIC's connection establishment begins with version negotiation, since all communication between the endpoints, including packet and frame formats, relies on the two endpoints agreeing on a version. -A QUIC connection begins with a client sending a handshake packet. Until -packets are protected by 1-RTT keys (see {{handshake}}), packets sent by a -client MUST include the version in the packet header. This allows the server to -identify the version of early packets and enable version negotiation. +A QUIC connection begins with a client sending a handshake packet. The details +of the handshake mechanisms are described in {{handshake}}, but all of the +initial packets sent from the client to the server MUST have the VERSION flag +set, and MUST specify the version of the protocol being used. When the server receives a packet from a client with the VERSION flag set, it compares the client's version to the versions it supports. 
@@ -656,13 +655,15 @@ version. The resent packets MUST use new packet numbers. These packets MUST continue to have the VERSION flag set and MUST include the new negotiated protocol version. -The client MUST include its selected version on all packets until it starts -protecting packets with 1-RTT keys. Only unprotected packets and 0-RTT -protected packets can include a version. A client MUST NOT change the version -it uses unless it is in response to a version negotiation packet from the -server. +The client MUST set the VERSION flag on all packets until version negotiation +concludes. Version negotiation successfully concludes when the client receives a +packet from the server with the VERSION flag unset. All subsequent packets sent +by the client MUST have the VERSION flag unset. -Version negotiation uses unprotected data. The result of the negotiation MUST +Once the server receives a packet from the client with the VERSION flag unset, +it MUST ignore the flag in subsequently received packets. + +Version negotiation uses unprotected data. The result of the negotiation MUST be revalidated once the cryptographic handshake has completed (see {{version-validation}}). From eecb8d907341a203030078436e4eaf5e3f954a92 Mon Sep 17 00:00:00 2001 From: Jana Iyengar Date: Thu, 12 Jan 2017 10:03:42 -0800 Subject: [PATCH 2/3] Address Ian's comments --- draft-ietf-quic-transport.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index e0925ada0b..67fdca84f0 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -411,8 +411,8 @@ have the VERSION bit set. This bit is always set on packets that are sent prior to connection establishment. When receiving a packet that is not associated with an existing connection, packets without a VERSION bit MUST be discarded. -Implementations have to assume that a version that it does not support uses a -different packet format. +Implementations MUST assume that an unsupported version uses an unknown packet +format. Between different versions the following things are guaranteed to remain constant are: From 5a636ef3338e17a5cc94f3acdaefc893ecbaf2e1 Mon Sep 17 00:00:00 2001 From: Jana Iyengar Date: Thu, 12 Jan 2017 10:20:19 -0800 Subject: [PATCH 3/3] MUST -> SHOULD --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 67fdca84f0..741ced33d5 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -658,7 +658,7 @@ protocol version. The client MUST set the VERSION flag on all packets until version negotiation concludes. Version negotiation successfully concludes when the client receives a packet from the server with the VERSION flag unset. All subsequent packets sent -by the client MUST have the VERSION flag unset. +by the client SHOULD have the VERSION flag unset. Once the server receives a packet from the client with the VERSION flag unset, it MUST ignore the flag in subsequently received packets.
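Review bot: "all of the initial packets" in the added sentence of PATCH 1/3, hunk @@ -629,10 +628,10 @@, has no defined end, whereas the removed text bounded the requirement ("Until packets are protected by 1-RTT keys"). Suggest reusing the condition the next hunk introduces ("until version negotiation concludes") so both MUSTs cover the same set of packets. The added lines also say "VERSION flag" while the unchanged context at @@ -411 says "VERSION bit"; one term should be used throughout.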
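Review bot: the removed sentence "A client MUST NOT change the version it uses unless it is in response to a version negotiation packet from the server" has no replacement in PATCH 1/3, hunk @@ -655,13 +655,15 @@, so after this change nothing on these lines stops a client from switching versions on its own; suggest keeping that sentence. In the same hunk, negotiation now concludes on one unprotected header bit ("a packet from the server with the VERSION flag unset"), while the retained text says "Version negotiation uses unprotected data". The text should say what a client does with a version negotiation packet that arrives after that point, and that the conclusion stays provisional until the revalidation in {{version-validation}}. "it MUST ignore the flag" should also say whether the server ignores the bit itself or the version value that accompanies it.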
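Review bot: "MUST assume" in the added line of PATCH 2/3, hunk @@ -411,8 +411,8 @@, attaches a normative keyword to an assumption, which a receiver cannot be tested against. Suggest stating the required behaviour instead, that is, what a receiver may and may not parse in a packet carrying an unsupported version, tied to the list of version-invariant items that follows. The unchanged context line after it, "the following things are guaranteed to remain constant are:", has a doubled "are" that could be fixed in the same edit.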
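Review bot: relaxing MUST to SHOULD on "by the client SHOULD have the VERSION flag unset" in PATCH 3/3, hunk @@ -658,7 +658,7 @@, leaves no stated case in which a client may keep the flag set, and the commit message gives no reason. The server rule in the following paragraph only applies "Once the server receives a packet from the client with the VERSION flag unset", so a client that uses this latitude never moves the server into that state. Suggest naming the permitted exception, or saying how the server treats flagged packets once it has sent an unflagged one.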