Internet-Draft QUIC Invariants August 2020
Thomson Expires 13 February 2021 [Page]
Workgroup:
QUIC
Internet-Draft:
draft-ietf-quic-invariants-latest
Published:
Intended Status:
Standards Track
Expires:
Author:
M. Thomson
Mozilla

Version-Independent Properties of QUIC

Abstract

This document defines the properties of the QUIC transport protocol that are expected to remain unchanged over time as new versions of the protocol are developed.

Note to Readers

Discussion of this draft takes place on the QUIC working group mailing list (quic@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=quic.

Working Group information can be found at https://github.com/quicwg; source code and issues list for this draft can be found at https://github.com/quicwg/base-drafts/labels/-invariants.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 13 February 2021.

Table of Contents

1. Introduction

In addition to providing secure, multiplexed transport, QUIC [QUIC-TRANSPORT] includes the ability to negotiate a version. This allows the protocol to change over time in response to new requirements. Many characteristics of the protocol will change between versions.

This document describes the subset of QUIC that is intended to remain stable as new versions are developed and deployed. All of these invariants are IP-version-independent.

The primary goal of this document is to ensure that it is possible to deploy new versions of QUIC. By documenting the properties that cannot change, this document aims to preserve the ability for QUIC endpoints to negotiate changes to any other aspect of the protocol. As a consequence, this also guarantees a minimal amount of information that is made available to entities other than endpoints. Unless specifically prohibited in this document, any aspect of the protocol can change between different versions.

Appendix A is a non-exhaustive list of some incorrect assumptions that might be made based on knowledge of QUIC version 1; these do not apply to every version of QUIC.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document uses terms and notational conventions from [QUIC-TRANSPORT].

3. An Extremely Abstract Description of QUIC

QUIC is a connection-oriented protocol between two endpoints. Those endpoints exchange UDP datagrams. These UDP datagrams contain QUIC packets. QUIC endpoints use QUIC packets to establish a QUIC connection, which is shared protocol state between those endpoints.

4. Notational Conventions

Packet diagrams in this document use a format defined in [QUIC-TRANSPORT] to illustrate the order and size of fields.

Complex fields are named and then followed by a list of fields surrounded by a pair of matching braces. Each field in this list is separated by commas.

Individual fields include length information, plus indications about fixed value, optionality, or repetitions. Individual fields use the following notational conventions, with all lengths in bits:

x (A):
Indicates that x is A bits long
x (A..B):
Indicates that x can be any length from A to B; A can be omitted to indicate a minimum of zero bits and B can be omitted to indicate no set upper limit; values in this format always end on an octet boundary
x (?) = C:
Indicates that x has a fixed value of C
x (E) ...:
Indicates that x is repeated zero or more times (and that each instance is length E)

This document uses network byte order (that is, big endian) values. Fields are placed starting from the high-order bits of each byte.

Figure 1 shows an example structure:

Example Structure {
  One-bit Field (1),
  7-bit Field with Fixed Value (7) = 61,
  Arbitrary-Length Field (..),
  Variable-Length Field (8..24),
  Repeated Field (8) ...,
}
Figure 1: Example Format

5. QUIC Packets

QUIC endpoints exchange UDP datagrams that contain one or more QUIC packets. This section describes the invariant characteristics of a QUIC packet. A version of QUIC could permit multiple QUIC packets in a single UDP datagram, but the invariant properties only describe the first packet in a datagram.

QUIC defines two types of packet header: long and short. Packets with long headers are identified by the most significant bit of the first byte being set; packets with a short header have that bit cleared.

QUIC packets might be integrity protected, including the header. However, QUIC Version Negotiation packets are not integrity protected; see Section 6.

Aside from the values described here, the payload of QUIC packets is version-specific and of arbitrary length.

5.1. Long Header

Long headers take the form described in Figure 2.

Long Header Packet {
  Header Form (1) = 1,
  Version-Specific Bits (7),
  Version (32),
  Destination Connection ID Length (8),
  Destination Connection ID (0..2040),
  Source Connection ID Length (8),
  Source Connection ID (0..2040),
  Version-Specific Data (..),
}
Figure 2: QUIC Long Header

A QUIC packet with a long header has the high bit of the first byte set to 1. All other bits in that byte are version specific.

The next four bytes include a 32-bit Version field. Versions are described in Section 5.4.

The next byte contains the length in bytes of the Destination Connection ID field that follows it. This length is encoded as an 8-bit unsigned integer. The Destination Connection ID field follows the Destination Connection ID Length field and is between 0 and 255 bytes in length. Connection IDs are described in Section 5.3.

The next byte contains the length in bytes of the Source Connection ID field that follows it. This length is encoded as an 8-bit unsigned integer. The Source Connection ID field follows the Source Connection ID Length field and is between 0 and 255 bytes in length.

The remainder of the packet contains version-specific content.

5.2. Short Header

Short headers take the form described in Figure 3.

Short Header Packet {
  Header Form (1) = 0,
  Version-Specific Bits (7),
  Destination Connection ID (..),
  Version-Specific Data (..),
}
Figure 3: QUIC Short Header

A QUIC packet with a short header has the high bit of the first byte set to 0.

A QUIC packet with a short header includes a Destination Connection ID immediately following the first byte. The short header does not include the Connection ID Lengths, Source Connection ID, or Version fields. The length of the Destination Connection ID is not encoded in packets with a short header and is not constrained by this specification.

The remainder of the packet has version-specific semantics.

5.3. Connection ID

A connection ID is an opaque field of arbitrary length.

The primary function of a connection ID is to ensure that changes in addressing at lower protocol layers (UDP, IP, and below) do not cause packets for a QUIC connection to be delivered to the wrong QUIC endpoint. The connection ID is used by endpoints and the intermediaries that support them to ensure that each QUIC packet can be delivered to the correct instance of an endpoint. At the endpoint, the connection ID is used to identify which QUIC connection the packet is intended for.

The connection ID is chosen by each endpoint using version-specific methods. Packets for the same QUIC connection might use different connection ID values.

5.4. Version

The Version field contains a 4-byte identifier. This value can be used by endpoints to identify a QUIC Version. A Version field with a value of 0x00000000 is reserved for version negotiation; see Section 6. All other values are potentially valid.

The properties described in this document apply to all versions of QUIC. A protocol that does not conform to the properties described in this document is not QUIC. Future documents might describe additional properties that apply to a specific QUIC version, or to a range of QUIC versions.

6. Version Negotiation

A QUIC endpoint that receives a packet with a long header and a version it either does not understand or does not support might send a Version Negotiation packet in response. Packets with a short header do not trigger version negotiation.

A Version Negotiation packet sets the high bit of the first byte, and thus it conforms with the format of a packet with a long header as defined in Section 5.1. A Version Negotiation packet is identifiable as such by the Version field, which is set to 0x00000000.

Version Negotiation Packet {
  Header Form (1) = 1,
  Unused (7),
  Version (32) = 0,
  Destination Connection ID Length (8),
  Destination Connection ID (0..2040),
  Source Connection ID Length (8),
  Source Connection ID (0..2040),
  Supported Version (32) ...,
}
Figure 4: Version Negotiation Packet

Only the most significant bit of the first byte of a Version Negotiation packet has any defined value. The remaining 7 bits, labeled Unused, can be set to any value when sending and MUST be ignored on receipt.

After the Source Connection ID field, the Version Negotiation packet contains a list of Supported Version fields, each identifying a version that the endpoint sending the packet supports. A Version Negotiation packet contains no other fields. An endpoint MUST ignore a packet that contains no Supported Version fields, or a truncated Supported Version.

Version Negotiation packets do not use integrity or confidentiality protection. Specific QUIC versions might include protocol elements that allow endpoints to detect modification or corruption in the set of supported versions.

An endpoint MUST include the value from the Source Connection ID field of the packet it receives in the Destination Connection ID field. The value for Source Connection ID MUST be copied from the Destination Connection ID of the received packet, which is initially randomly selected by a client. Echoing both connection IDs gives clients some assurance that the server received the packet and that the Version Negotiation packet was not generated by an off-path attacker.

An endpoint that receives a Version Negotiation packet might change the version that it decides to use for subsequent packets. The conditions under which an endpoint changes QUIC version will depend on the version of QUIC that it chooses.

See [QUIC-TRANSPORT] for a more thorough description of how an endpoint that supports QUIC version 1 generates and consumes a Version Negotiation packet.

7. Security and Privacy Considerations

It is possible that middleboxes could use traits of a specific version of QUIC and assume that when other versions of QUIC exhibit similar traits the same underlying semantic is being expressed. There are potentially many such traits (see Appendix A). Some effort has been made to either eliminate or obscure some observable traits in QUIC version 1, but many of these remain. Other QUIC versions might make different design decisions and so exhibit different traits.

The QUIC version number does not appear in all QUIC packets, which means that reliably extracting information from a flow based on version-specific traits requires that middleboxes retain state for every connection ID they see.

The Version Negotiation packet described in this document is not integrity-protected; it only has modest protection against insertion by off-path attackers. An endpoint MUST authenticate the contents of a Version Negotiation packet if it attempts a different QUIC version as a result.

8. IANA Considerations

This document makes no request of IANA.

9. References

9.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.

9.2. Informative References

[QUIC-TLS]
Thomson, M., Ed. and S. Turner, Ed., "Using Transport Layer Security (TLS) to Secure QUIC", Work in Progress, Internet-Draft, draft-ietf-quic-tls-latest, , <https://tools.ietf.org/html/draft-ietf-quic-tls-latest>.
[QUIC-TRANSPORT]
Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", Work in Progress, Internet-Draft, draft-ietf-quic-transport-latest, , <https://tools.ietf.org/html/draft-ietf-quic-transport-latest>.
[RFC5116]
McGrew, D., "An Interface and Algorithms for Authenticated Encryption", RFC 5116, DOI 10.17487/RFC5116, , <https://www.rfc-editor.org/info/rfc5116>.

Appendix A. Incorrect Assumptions

There are several traits of QUIC version 1 [QUIC-TRANSPORT] that are not protected from observation, but are nonetheless considered to be changeable when a new version is deployed.

This section lists a sampling of incorrect assumptions that might be made based on knowledge of QUIC version 1. Some of these statements are not even true for QUIC version 1. This is not an exhaustive list; it is intended to be illustrative only.

The following statements are NOT guaranteed to be true for every QUIC version:

Author's Address

Martin Thomson
Mozilla