From e547427ca03c0a3928374ae7af39561271ab26e7 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Thu, 5 Jul 2018 10:22:15 -0700 Subject: [PATCH 1/5] Tolerate unknown stream types --- draft-ietf-quic-http.md | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 321f2c7c26..11ec2ba7e7 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
@@ -492,16 +492,28 @@ this header is determined by the stream type. ~~~~~~~~~~ {: #fig-stream-header title="Unidirectional Stream Header"} -Two stream types are defined in this document: control streams -({{control-streams}}) and push streams ({{server-push}}). Other stream types -can be defined by extensions to HTTP/QUIC. +Some stream types are reserved ({{stream-grease}}). Two stream types are +defined in this document: control streams ({{control-streams}}) and push streams +({{server-push}}). Other stream types can be defined by extensions to +HTTP/QUIC. If the stream header indicates a stream type which is not supported by the -recipient, this SHOULD be treated as a stream error of type -HTTP_UNKNOWN_STREAM_TYPE. The semantics of the remainder of the stream are +recipient, the remainder of the stream cannot be consumed as the semantics are unknown. Implementations SHOULD NOT send stream types the peer is not already -known to support, since a stream error can be promoted to a connection error at -the peer's discretion (see {{errors}}). +known to support. Recipients of unknown stream types MAY trigger a QUIC +STOP_SENDING frame with an error code of HTTP_UNKNOWN_STREAM_TYPE, but MUST NOT +consider such streams to be an error of any kind. + +### Reserved Stream Types {#stream-grease} + +Stream types of the format `0x1f * N` are reserved to exercise the requirement +that unknown types be ignored. These streams have no semantic meaning, and can +be sent when application-layer padding is desired. They MAY also be sent on +connections where no request data is currently being transferred. Endpoints MUST +NOT consider these streams to have any meaning upon receipt. + +The payload and length of the stream are selected in any manner the +implementation chooses. ### Control Streams 
@@ -1651,6 +1663,18 @@ The entries in the following table are registered by this document. | Push Stream | 0x50 | {{server-push}} | Server | | ---------------- | ------ | -------------------------- | ------ | +Additionally, each code of the format `0x1f * N` for values of N in the +range (0..8) (that is, `0x00`, `0x1f`, etc., through `0xf8`), the following +values should be registered: + +Stream Type: +: Reserved - GREASE + +Specification: +: {{stream-grease}} + +Sender: +: Both --- back From 2cf8b436d470d55a9bcef2bc719ddbec4270e04c Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 6 Jul 2018 10:57:53 -0700 Subject: [PATCH 2/5] Prohibit speculative stream type use that modifies core protocol --- draft-ietf-quic-http.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 11ec2ba7e7..0082500c83 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -499,10 +499,14 @@ HTTP/QUIC. If the stream header indicates a stream type which is not supported by the recipient, the remainder of the stream cannot be consumed as the semantics are -unknown. Implementations SHOULD NOT send stream types the peer is not already -known to support. Recipients of unknown stream types MAY trigger a QUIC -STOP_SENDING frame with an error code of HTTP_UNKNOWN_STREAM_TYPE, but MUST NOT -consider such streams to be an error of any kind. +unknown. Recipients of unknown stream types MAY trigger a QUIC STOP_SENDING +frame with an error code of HTTP_UNKNOWN_STREAM_TYPE, but MUST NOT consider such +streams to be an error of any kind. + +Implementations SHOULD NOT send stream types the peer is not already known to +support. Stream types which could modify the state or semantics of existing +protocol components, including QPACK or other extensions, MUST NOT be sent until +the peer is known to support them. ### Reserved Stream Types {#stream-grease} 
From 9d5a5507e8c12d68afb8867456c0011222e112c1 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 6 Jul 2018 11:01:59 -0700 Subject: [PATCH 3/5] Discuss padding in Security Considerations --- draft-ietf-quic-http.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 0082500c83..8cbbc62b05 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -1440,7 +1440,10 @@ Error codes need to be defined for HTTP/2 and HTTP/QUIC separately. See # Security Considerations The security considerations of HTTP over QUIC should be comparable to those of -HTTP/2 with TLS. +HTTP/2 with TLS. Note that where HTTP/2 employs PADDING frames to make a +connection more resistant to traffic analysis, HTTP/QUIC can rely on QUIC's own +PADDING frames or employ the reserved frame and stream types discussed in +{{frame-grease}} and {{stream-grease}}. The modified SETTINGS format contains nested length elements, which could pose a security risk to an uncautious implementer. A SETTINGS frame parser MUST From 7deb076c7a57dd6003988532090886b947cc29e8 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 6 Jul 2018 14:54:36 -0700 Subject: [PATCH 4/5] Loosen prohibition on unknown stream types further --- draft-ietf-quic-http.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 8cbbc62b05..72c89c7a7c 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md 
@@ -503,10 +503,10 @@ unknown. Recipients of unknown stream types MAY trigger a QUIC STOP_SENDING frame with an error code of HTTP_UNKNOWN_STREAM_TYPE, but MUST NOT consider such streams to be an error of any kind. -Implementations SHOULD NOT send stream types the peer is not already known to -support. Stream types which could modify the state or semantics of existing -protocol components, including QPACK or other extensions, MUST NOT be sent until -the peer is known to support them. +Implementations MAY send stream types before knowing whether the peer supports +them. However, stream types which could modify the state or semantics of +existing protocol components, including QPACK or other extensions, MUST NOT be +sent until the peer is known to support them. ### Reserved Stream Types {#stream-grease} From 44592445505fc4308e4467277331a07296078bb3 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 6 Jul 2018 14:56:20 -0700 Subject: [PATCH 5/5] Multiply for IANA --- draft-ietf-quic-http.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 72c89c7a7c..fb0ca78d17 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -1527,8 +1527,8 @@ The entries in the following table are registered by this document. | ---------------- | ------ | -------------------------- | Additionally, each code of the format `0xb + (0x1f * N)` for values of N in the -range (0..7) (that is, `0xb`, `0x2a`, etc., through `0xe4`), the following -values should be registered: +range (0..7) (that is, `0xb`, `0x2a`, `0x49`, `0x68`, `0x87`, `0xa6`, `0xc5`, +and `0xe4`), the following values should be registered: Frame Type: : Reserved - GREASE 
@@ -1670,9 +1670,9 @@ The entries in the following table are registered by this document. | Push Stream | 0x50 | {{server-push}} | Server | | ---------------- | ------ | -------------------------- | ------ | -Additionally, each code of the format `0x1f * N` for values of N in the -range (0..8) (that is, `0x00`, `0x1f`, etc., through `0xf8`), the following -values should be registered: +Additionally, for each code of the format `0x1f * N` for values of N in the +range (0..8) (that is, `0x00`, `0x1f`, `0x3e`, `0x5d`, `0x7c`, `0x9b`, `0xba`, +`0xd9`, `0xf8`), the following values should be registered: Stream Type: : Reserved - GREASE
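Review bot: in PATCH 1/5, hunk `@@ -492,16 +492,28 @@`, the new Reserved Stream Types section makes `0x1f * N` with N = 0, i.e. stream type `0x00`, a GREASE value, so a zeroed or uninitialised stream-type byte is silently accepted as reserved padding instead of surfacing as an unknown type; consider starting the sequence at a non-zero N or at least calling this out. The same hunk says the remainder of an unknown-type stream "cannot be consumed" while making STOP_SENDING only a MAY; add a sentence that the recipient should read and discard (not buffer) further data on such streams, since the reserved-type text lets the sender choose "the payload and length of the stream" freely.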
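Review bot: in PATCH 1/5, hunk `@@ -1651,6 +1663,18 @@`, the sentence "Additionally, each code of the format `0x1f * N` ... the following values should be registered" has no verb attached to "each code"; rewrite as "for each code ... the following values are registered" (PATCH 5/5 later fixes the "for each" but keeps the non-normative "should"). Also state the N range as "0 to 8 inclusive" rather than "(0..8)", since the example list `0x00` through `0xf8` shows both endpoints are included and a parenthesised range is often read as exclusive.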
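Review bot: in PATCH 2/5, hunk `@@ -499,10 +499,14 @@`, "including QPACK or other extensions" reads as if QPACK were itself an extension; suggest "including QPACK and any extensions". The MUST NOT also hinges on the peer being "known to support them" without saying how that knowledge is obtained; point to the mechanism (a SETTINGS parameter or the extension's own negotiation) so that an implementer cannot satisfy the requirement by guessing.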
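Review bot: in PATCH 3/5, hunk `@@ -1440,7 +1440,10 @@`, the new text references {{frame-grease}}, but this series only introduces the {#stream-grease} anchor; confirm {#frame-grease} already exists in the document, otherwise the build fails on an unresolved reference. Since this is the Security Considerations section, it should also state the flip side of using reserved streams as padding: their payload and length are chosen entirely by the sender and recipients MUST NOT treat them as errors, so QUIC flow control is the only bound on the receiver resources a peer can consume this way; recipients should drain and discard such streams rather than buffer them.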
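Review bot: in PATCH 4/5, hunk `@@ -503,10 +503,10 @@`, changing "SHOULD NOT send" to "MAY send ... before knowing whether the peer supports them" removes the only guidance that limited speculative stream types, and the surrounding context already says recipients "MUST NOT consider such streams to be an error of any kind", so a sender now has no disincentive to keep opening streams of a type the peer cannot use. Add a sentence that a sender which receives STOP_SENDING with HTTP_UNKNOWN_STREAM_TYPE should not open further streams of that type on the connection, so the MAY does not turn into a continuous drain on the peer.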
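Review bot: in PATCH 5/5, hunk `@@ -1527,8 +1527,8 @@`, the enumerated list checks out (`0xb + (0x1f * N)` for N = 0..7 gives 0x0b, 0x2a, 0x49, 0x68, 0x87, 0xa6, 0xc5, 0xe4), and N = 7 is the correct upper bound because N = 8 would give 0x103, which does not fit in a single byte; say so in the text so a later editor does not "extend" the range. As with the stream-type list, write the range as "0 to 7 inclusive" instead of "(0..7)".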
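Review bot: in PATCH 5/5, hunk `@@ -1670,9 +1670,9 @@`, the values are right (`0x1f * N` for N = 0..8 gives 0x00, 0x1f, 0x3e, 0x5d, 0x7c, 0x9b, 0xba, 0xd9, 0xf8) but the list lacks the "and" before the last item that the frame-type list in the previous hunk uses, and "should be registered" is still non-normative where the table just above says entries "are registered by this document"; make both consistent. N = 8 is the correct limit here since 0x1f * 9 = 0x117 exceeds one byte, which is worth stating for the same reason as in the frame-type hunk.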