HTTP M. Duke Internet-Draft Google Intended status: Standards Track L. Pardue Expires: 5 September 2022 Cloudflare 4 March 2022 An Alt-Svc Parameter for QUIC Versions draft-duke-httpbis-quic-version-alt-svc-00 Abstract HTTP Alternative Services (Alt-Svc) describes how one origin's resource can be accessed via a different protocol/host/port combination. Alternatives are advertised by servers using the Alt- Svc header field or the ALTSVC frame. This includes a protocol name, which reuses Application Layer Protocol Negotiation (ALPN) codepoints. The "h3" codepoint indicates the availability of HTTP/3. A client that uses such an alternative first makes a QUIC connection. However, without a priori knowledge of which QUIC version to use, clients might incur a round-trip latency penalty to complete QUIC version negotiation, or forfeit desirable properties of a QUIC version. This document specifies a new Alt-Svc parameter that specifies alternative supported QUIC versions, which substantially reduces the chance of this penalty. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://martinduke.github.io/quic-version-alt-svc-parameter/draft- duke-httpbis-quic-version-alt-svc.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-duke- httpbis-quic-version-alt-svc/. Discussion of this document takes place on the HTTP Working Group mailing list (mailto:ietf-http-wg@w3.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/. Source for this draft and an issue tracker can be found at https://github.com/martinduke/quic-version-alt-svc-parameter. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Duke & Pardue Expires 5 September 2022 [Page 1] Internet-Draft An Alt-Svc Parameter for QUIC Versions March 2022 Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 5 September 2022. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 3. The quicv Parameter . . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . 5 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction HTTP Alternative Services (Alt-Svc) [ALTSVC] describes how one origin's resource can be accessed via a different protocol/host/port combination. Alternatives are advertised by servers using the Alt- Svc header field or the ALTSVC frame. This includes a protocol name, which reuses codepoints from the Application-Layer Protocol Negotiation (ALPN) TLS extension [RFC7301]. Servers can advertise multiple alternatives, in which case the order reflects the server's Duke & Pardue Expires 5 September 2022 [Page 2] Internet-Draft An Alt-Svc Parameter for QUIC Versions March 2022 preferences (the first value being the most preferred). Clients can ignore alternative services, or pick one at their discretion. A client might use any details from the advertisement, in addition to out of band information, in determining if an alternative is suitable or preferred. While ALPN was originally intend to allow multiple applications to utilize TLS or DTLS on the same IP address and TCP or UDP port, ALPN can also usefully identify the transport in an Alt-Svc context. The "h3" ALPN codepoint informs the client that it can use HTTP/3 [I-D.ietf-quic-http] for access, which in turn requires the QUIC transport protocol [RFC8999]. QUIC is versioned. A client and server that both support a QUIC version can, through a negotiation process, generally agree on that version in no more than one round-trip. However, to avoid that penalty clients might use the most commonly deployed QUIC version (e.g. version 1 [RFC9000] at the time of writing), rather than the version with the most desirable properties for the client's use case. To avoid the round-trip, one solution would be to register unique ALPN codepoints for each HTTP/3 and QUIC version combination. However, this might complicate deployment of new versions and deprecation of old ones: architecturally, an application should provide its ALPN to its QUIC implementation. In this case, fully deploying a new version in that implementation would require updating all applications that use it. Instead, this document specifies an Alt-Svc parameter that lists the QUIC versions available to serve the resource. Clients that do not understand this parameter will ignore it. They might default to the most likely version, and/or incur a round-trip penalty in the event of a mismatch. Clients that do process the parameter will connect successfully using the most desirable version with high probability. 2. Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. This document uses the Augmented BNF defined in [RFC5234] and imports parameter from Section 3 of [ALTSVC]. Duke & Pardue Expires 5 September 2022 [Page 3] Internet-Draft An Alt-Svc Parameter for QUIC Versions March 2022 3. The quicv Parameter This document specifies the "quicv" Alt-Svc parameter, which lists the QUIC versions supported by an endpoint, using the hexadecimal representation of the version field in a QUIC long header, as indicated in [RFC8999]. Senders MAY omit leading zeroes from version numbers. quicv = version-list version-list = DQUOTE version 1*( OWS, "," OWS version-number) DQUOTE version = 1*8 HEXDIG; hex-encoded QUIC version Examples: Alt-Svc: h3=":443"; quicv="1" Alt-Svc: h3=":443"; quicv="709a50c4,1" Alt-Svc: h3=":443"; quicv="709a50c4,1", h3=":1001"; quicv="709a50c4" The order of entries in version-list reflects the server's preference (with the first value being the most preferred alternative). Note that the quicv parameter applies to a single associated entry in the Alt-Svc list. Servers MUST NOT provide a quicv parameter to an entry containing ALPN codepoint that does not potentially utilize QUIC. If the Alt-Svc information resolves to a server pool that inconsistently supports different QUIC versions, the parameter SHOULD only advertise versions that are supported throughout the pool. 4. Security Considerations This document inherits the security considerations of [ALTSVC], especially the implications of "Changing Protocols" in Section 9.3. There are few protocol properties guaranteed to hold across all QUIC versions, so endpoints should be aware what capabilities are intrinsic to the QUIC versions they are advertising. This parameter reveals capabilities of the described server, but this information is already available by inducing the server to generate a QUIC version negotiation packet. 5. IANA Considerations Please add this entry ot the HTTP Alt-Svc Parameter Registry: Alt-Svc Parameter: quicv Duke & Pardue Expires 5 September 2022 [Page 4] Internet-Draft An Alt-Svc Parameter for QUIC Versions March 2022 Reference: This document 6. References 6.1. Normative References [ALTSVC] Bishop, M. and M. Thomson, "HTTP Alternative Services", Work in Progress, Internet-Draft, draft-ietf-httpbis- rfc7838bis-00, 31 August 2021, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . 6.2. Informative References [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, July 2014, . [I-D.ietf-quic-http] Bishop, M., "Hypertext Transfer Protocol Version 3 (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- quic-http-34, 2 February 2021, . [RFC8999] Thomson, M., "Version-Independent Properties of QUIC", RFC 8999, DOI 10.17487/RFC8999, May 2021, . [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, May 2021, . Duke & Pardue Expires 5 September 2022 [Page 5] Internet-Draft An Alt-Svc Parameter for QUIC Versions March 2022 Acknowledgments TODO acknowledge. Authors' Addresses Martin Duke Google Email: martin.h.duke@gmail.com Lucas Pardue Cloudflare Email: lucaspardue.24.7@gmail.com Duke & Pardue Expires 5 September 2022 [Page 6]