New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatible version upgrade #1901
Closed
Closed
Changes from 1 commit
Commits
Show all changes
30 commits
Select commit
Hold shift + click to select a range
4dc5e0d
Compatible version upgrade
martinthomson 7483395
There are only two things, which means no list
martinthomson f997b10
Marten's editorial suggestions
martinthomson f12becd
Thwart downgrade attacks between incompatible versions
martinthomson 4235f75
unplural
nibanks 0e0df73
article
nibanks 48ae25f
joiner
nibanks 87bcb71
Nick's suggestions
martinthomson 847445b
No common versions means fail
martinthomson 7533873
Move some text up to get the flow right
martinthomson 2b02ccd
Split into supported and unsupported
martinthomson 34b19da
The packet definitely always changes
martinthomson a2c5c6a
Moar words about what it means for a version to be supported by a client
martinthomson 0de8a0c
Cleanup, don't create conflicting requirements
martinthomson 8ffb306
discard, not ignore
igorlord 67a815e
Fix the RETIRE_CONNECTION_ID frame type again
martinthomson 4edf5b3
Don't recommend stateless reset
martinthomson 4417e03
Add missing sections to document structure
martinthomson 8f69ad1
Forward reference ECN verification
martinthomson 7c4b04d
Take suggestion
martinthomson 270243e
Use octets rather than bytes throughout
martinthomson 0143d41
Use octets for units; size for packet sizes
martinthomson bbf55a5
Use bytes instead of octets throughout
martinthomson a4f4c9f
Reflow
martinthomson 9d50417
Update draft-ietf-quic-recovery.md
ianswett 3f330f6
clarify
ianswett f0b5080
unhypenate - the name of my new startup
martinthomson 4578287
rewrap
martinthomson aa3ddc1
Reflow
martinthomson d59f429
Merge branch 'master' into vn-mkII
martinthomson File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There’s no incentive to use a widely deployed version any more. A client can use the highest (compatible) version, and the server would just downgrade it to the highest version it supports.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The server might not know that there is a newer compatible version - compatible is both a spec thing and an implementation thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the incentive remains the same - the client offers what it believes to be most widely deployed. This design only allows for a seamless upgrade to a compatible version. If the client were to advertise the new, less-widely-deployed version, it risks getting a Version Negotiation packet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It needs to be the lowest version for maximum flexibility.
Consider the case where we would be using 0x81 as the first octet for the Initial packet in QUIC v2, and that we have a client that wants to connect to a server using either v1 or v2. The way to provide room for such possibility is to let the client send a v1 Initial packet with an indication that the server can respond using a v2 Initial packet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking of versions as being ordered is helpful, but might be constraining. The point is that the client will use the most widely deployed to start with and accept that the server is able to choose a compatible version. The client hopes that the server will choose a version that it prefers more, but leaves that to the server to decide.
In the case of monotonically increasing versions where A >> B >> C, this might seem obvious, but it's still possible that the client will advertise B and get an apparent downgrade to C. That's a property of the design that I don't think we'll see that often, but it's nonetheless theoretically possible.
But as @kazuho says, the expected case is a client advertising vN, then being opportunistically upgraded to vN+1. Like today, you can rely on TLS 1.0 being available widely, but you might prefer TLS 1.3.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The TLS comparison is somewhat inapt, since in TLS you actually do offer your highest (most preferred) version and let the server select a compatible, less-preferred version if it doesn't support that one. QUIC can't do that because the contents of the Initial aren't invariant.