< draft-pardue-quic-http-mcast-05.txt   draft-pardue-quic-http-mcast-06.txt >
Network Working Group L. Pardue Network Working Group L. Pardue
Internet-Draft Internet-Draft
Intended status: Informational R. Bradbury Intended status: Informational R. Bradbury
Expires: February 9, 2020 S. Hurst Expires: August 10, 2020 S. Hurst
BBC Research & Development BBC Research & Development
August 8, 2019 February 7, 2020
Hypertext Transfer Protocol (HTTP) over multicast QUIC Hypertext Transfer Protocol (HTTP) over multicast QUIC
draft-pardue-quic-http-mcast-05 draft-pardue-quic-http-mcast-06
Abstract Abstract
This document specifies a profile of the QUIC protocol and the HTTP/3 This document specifies a profile of the QUIC protocol and the HTTP/3
mapping that facilitates the transfer of HTTP resources over mapping that facilitates the transfer of HTTP resources over
multicast IP using the QUIC transport as its framing and multicast IP using the QUIC transport as its framing and
packetisation layer. Compatibility with the QUIC protocol's syntax packetisation layer. Compatibility with the QUIC protocol's syntax
and semantics is maintained as far as practical and additional and semantics is maintained as far as practical and additional
features are specified where this is not possible. features are specified where this is not possible.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 9, 2020. This Internet-Draft will expire on August 10, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 22 skipping to change at page 2, line 22
1.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6 1.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6
2. Multicast QUIC Sessions . . . . . . . . . . . . . . . . . . . 7 2. Multicast QUIC Sessions . . . . . . . . . . . . . . . . . . . 7
2.1. Session States . . . . . . . . . . . . . . . . . . . . . 8 2.1. Session States . . . . . . . . . . . . . . . . . . . . . 8
2.1.1. Session Establishment . . . . . . . . . . . . . . . . 8 2.1.1. Session Establishment . . . . . . . . . . . . . . . . 8
2.1.2. Session Termination . . . . . . . . . . . . . . . . . 9 2.1.2. Session Termination . . . . . . . . . . . . . . . . . 9
2.1.3. Session Migration . . . . . . . . . . . . . . . . . . 9 2.1.3. Session Migration . . . . . . . . . . . . . . . . . . 9
2.2. Session Parameters . . . . . . . . . . . . . . . . . . . 9 2.2. Session Parameters . . . . . . . . . . . . . . . . . . . 9
2.3. Session Identification . . . . . . . . . . . . . . . . . 10 2.3. Session Identification . . . . . . . . . . . . . . . . . 10
2.4. Session Security . . . . . . . . . . . . . . . . . . . . 11 2.4. Session Security . . . . . . . . . . . . . . . . . . . . 11
3. Session Advertisement . . . . . . . . . . . . . . . . . . . . 11 3. Session Advertisement . . . . . . . . . . . . . . . . . . . . 11
3.1. Version Advertisement . . . . . . . . . . . . . . . . . . 12 3.1. Security Context . . . . . . . . . . . . . . . . . . . . 12
3.2. Security Context . . . . . . . . . . . . . . . . . . . . 13 3.1.1. Cipher Suite . . . . . . . . . . . . . . . . . . . . 12
3.2.1. Cipher Suite . . . . . . . . . . . . . . . . . . . . 13 3.1.2. Key Exchange . . . . . . . . . . . . . . . . . . . . 13
3.2.2. Key Exchange . . . . . . . . . . . . . . . . . . . . 13 3.1.3. Initialization Vector . . . . . . . . . . . . . . . . 13
3.2.3. Initialization Vector . . . . . . . . . . . . . . . . 13 3.2. Session Identification . . . . . . . . . . . . . . . . . 13
3.3. Session Identification . . . . . . . . . . . . . . . . . 14 3.3. Session Idle Timeout . . . . . . . . . . . . . . . . . . 13
3.4. Session Idle Timeout . . . . . . . . . . . . . . . . . . 14 3.4. Session Peak Flow Rate . . . . . . . . . . . . . . . . . 14
3.5. Session Peak Flow Rate . . . . . . . . . . . . . . . . . 15 3.5. Resource Concurrency . . . . . . . . . . . . . . . . . . 15
3.6. Resource Concurrency . . . . . . . . . . . . . . . . . . 15 3.6. Additional TransportParameter Considerations . . . . . . 15
3.7. Additional TransportParameter Considerations . . . . . . 16 3.7. Digest Algorithm . . . . . . . . . . . . . . . . . . . . 16
3.8. Digest Algorithm . . . . . . . . . . . . . . . . . . . . 16 3.8. Signature Algorithm . . . . . . . . . . . . . . . . . . . 17
3.9. Signature Algorithm . . . . . . . . . . . . . . . . . . . 17
4. QUIC Profile . . . . . . . . . . . . . . . . . . . . . . . . 18 4. QUIC Profile . . . . . . . . . . . . . . . . . . . . . . . . 18
4.1. Packet Size . . . . . . . . . . . . . . . . . . . . . . . 18 4.1. Packet Size . . . . . . . . . . . . . . . . . . . . . . . 18
4.2. Packet Format . . . . . . . . . . . . . . . . . . . . . . 18 4.2. Packet Format . . . . . . . . . . . . . . . . . . . . . . 18
4.2.1. Packet Numbers . . . . . . . . . . . . . . . . . . . 18 4.2.1. Packet Numbers . . . . . . . . . . . . . . . . . . . 18
4.2.2. Spin Bit . . . . . . . . . . . . . . . . . . . . . . 19 4.2.2. Spin Bit . . . . . . . . . . . . . . . . . . . . . . 19
4.3. Connection Identifier . . . . . . . . . . . . . . . . . . 19 4.3. Connection Identifier . . . . . . . . . . . . . . . . . . 19
4.4. Stream Identifier . . . . . . . . . . . . . . . . . . . . 19 4.4. Stream Identifier . . . . . . . . . . . . . . . . . . . . 19
4.5. Flow Control . . . . . . . . . . . . . . . . . . . . . . 19 4.5. Flow Control . . . . . . . . . . . . . . . . . . . . . . 19
4.6. Stream Termination . . . . . . . . . . . . . . . . . . . 20 4.6. Stream Termination . . . . . . . . . . . . . . . . . . . 20
4.7. Connection Shutdown . . . . . . . . . . . . . . . . . . . 20 4.7. Connection Shutdown . . . . . . . . . . . . . . . . . . . 20
4.8. Connection Migration . . . . . . . . . . . . . . . . . . 20 4.8. Connection Migration . . . . . . . . . . . . . . . . . . 20
4.9. Explicit Congestion Notification . . . . . . . . . . . . 21 4.9. Explicit Congestion Notification . . . . . . . . . . . . 21
4.10. Session Keep-alive . . . . . . . . . . . . . . . . . . . 21 4.10. Session Keep-alive . . . . . . . . . . . . . . . . . . . 21
4.11. Loss Detection and Recovery . . . . . . . . . . . . . . . 21 4.11. Loss Detection and Recovery . . . . . . . . . . . . . . . 21
4.12. Prohibited QUIC Frames and Packets . . . . . . . . . . . 22 4.12. Prohibited QUIC Frames and Packets . . . . . . . . . . . 22
5. HTTP/3 Profile . . . . . . . . . . . . . . . . . . . . . . . 22 5. HTTP/3 Profile . . . . . . . . . . . . . . . . . . . . . . . 22
5.1. HTTP Connection Settings . . . . . . . . . . . . . . . . 22 5.1. HTTP Connection Settings . . . . . . . . . . . . . . . . 22
5.2. Server Push . . . . . . . . . . . . . . . . . . . . . . . 23 5.2. Server Push . . . . . . . . . . . . . . . . . . . . . . . 23
5.3. Metadata Compression . . . . . . . . . . . . . . . . . . 23 5.3. Metadata Compression . . . . . . . . . . . . . . . . . . 23
5.4. Prioritisation . . . . . . . . . . . . . . . . . . . . . 24 5.4. Session Tear-down . . . . . . . . . . . . . . . . . . . . 24
5.5. Session Tear-down . . . . . . . . . . . . . . . . . . . . 24 5.5. HTTP/3 Extension frames . . . . . . . . . . . . . . . . . 24
5.6. HTTP/3 Extension frames . . . . . . . . . . . . . . . . . 24 5.6. Prohibited HTTP/3 Frames . . . . . . . . . . . . . . . . 24
5.7. Prohibited HTTP/3 Frames . . . . . . . . . . . . . . . . 24 6. Application-Layer Security . . . . . . . . . . . . . . . . . 24
6. Application-Layer Security . . . . . . . . . . . . . . . . . 25
6.1. Content Integrity . . . . . . . . . . . . . . . . . . . . 25 6.1. Content Integrity . . . . . . . . . . . . . . . . . . . . 25
6.2. Content Authenticity . . . . . . . . . . . . . . . . . . 25 6.2. Content Authenticity . . . . . . . . . . . . . . . . . . 25
6.3. Content Confidentiality . . . . . . . . . . . . . . . . . 27 6.3. Content Confidentiality . . . . . . . . . . . . . . . . . 26
7. Loss Recovery . . . . . . . . . . . . . . . . . . . . . . . . 27 7. Loss Recovery . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1. Forward Error Correction . . . . . . . . . . . . . . . . 27 7.1. Forward Error Correction . . . . . . . . . . . . . . . . 27
7.2. Unicast Repair . . . . . . . . . . . . . . . . . . . . . 27 7.2. Unicast Repair . . . . . . . . . . . . . . . . . . . . . 27
8. Transmission of Partial Content . . . . . . . . . . . . . . . 28 8. Transmission of Partial Content . . . . . . . . . . . . . . . 28
9. Protocol Identifier . . . . . . . . . . . . . . . . . . . . . 28 9. Protocol Identifier . . . . . . . . . . . . . . . . . . . . . 28
9.1. Draft Version Identification . . . . . . . . . . . . . . 28 9.1. Draft Version Identification . . . . . . . . . . . . . . 28
10. Discovery of Multicast QUIC Sessions . . . . . . . . . . . . 29 10. Discovery of Multicast QUIC Sessions . . . . . . . . . . . . 29
10.1. Source-specific Multicast Advertisement . . . . . . . . 30 10.1. Source-specific Multicast Advertisement . . . . . . . . 29
10.2. Session Parameter Advertisement . . . . . . . . . . . . 30 10.2. Session Parameter Advertisement . . . . . . . . . . . . 30
10.2.1. Version . . . . . . . . . . . . . . . . . . . . . . 30 10.2.1. Cipher Suite . . . . . . . . . . . . . . . . . . . . 30
10.2.2. Cipher Suite . . . . . . . . . . . . . . . . . . . . 30 10.2.2. Session Key . . . . . . . . . . . . . . . . . . . . 30
10.2.3. Session Key . . . . . . . . . . . . . . . . . . . . 31 10.2.3. Session Cipher Initialization Vector . . . . . . . . 31
10.2.4. Session Cipher Initialization Vector . . . . . . . . 31 10.2.4. Session Identification . . . . . . . . . . . . . . . 31
10.2.5. Session Identification . . . . . . . . . . . . . . . 31 10.2.5. Session Idle Timeout Period . . . . . . . . . . . . 31
10.2.6. Session Idle Timeout Period . . . . . . . . . . . . 32 10.2.6. Resource Concurrency . . . . . . . . . . . . . . . . 32
10.2.7. Resource Concurrency . . . . . . . . . . . . . . . . 32 10.2.7. Session Peak Flow Rate . . . . . . . . . . . . . . . 32
10.2.8. Session Peak Flow Rate . . . . . . . . . . . . . . . 33 10.2.8. Digest Algorithm . . . . . . . . . . . . . . . . . . 33
10.2.9. Digest Algorithm . . . . . . . . . . . . . . . . . . 33 10.2.9. Signature Algorithm . . . . . . . . . . . . . . . . 33
10.2.10. Signature Algorithm . . . . . . . . . . . . . . . . 33 10.2.10. Extensions . . . . . . . . . . . . . . . . . . . . . 33
11. Security and Privacy Considerations . . . . . . . . . . . . . 34 11. Security and Privacy Considerations . . . . . . . . . . . . . 34
11.1. Pervasive Monitoring . . . . . . . . . . . . . . . . . . 34 11.1. Pervasive Monitoring . . . . . . . . . . . . . . . . . . 34
11.1.1. Large-scale Data Gathering and Correlation . . . . . 35 11.1.1. Large-scale Data Gathering and Correlation . . . . . 35
11.1.2. Changing Content . . . . . . . . . . . . . . . . . . 35 11.1.2. Changing Content . . . . . . . . . . . . . . . . . . 35
11.2. Protection of Discovery Mechanism . . . . . . . . . . . 35 11.2. Protection of Discovery Mechanism . . . . . . . . . . . 35
11.3. Spoofing . . . . . . . . . . . . . . . . . . . . . . . . 36 11.3. Spoofing . . . . . . . . . . . . . . . . . . . . . . . . 36
11.3.1. Spoofed Ack Attacks . . . . . . . . . . . . . . . . 36 11.3.1. Spoofed Ack Attacks . . . . . . . . . . . . . . . . 36
11.3.2. Sender Spoofing . . . . . . . . . . . . . . . . . . 36 11.3.2. Sender Spoofing . . . . . . . . . . . . . . . . . . 36
11.3.3. Receiver Spoofing . . . . . . . . . . . . . . . . . 36 11.3.3. Receiver Spoofing . . . . . . . . . . . . . . . . . 36
11.4. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 36 11.4. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 36
skipping to change at page 4, line 14 skipping to change at page 4, line 12
12.2.1. Source Address . . . . . . . . . . . . . . . . . . . 39 12.2.1. Source Address . . . . . . . . . . . . . . . . . . . 39
12.2.2. Cipher Suite . . . . . . . . . . . . . . . . . . . . 39 12.2.2. Cipher Suite . . . . . . . . . . . . . . . . . . . . 39
12.2.3. Key . . . . . . . . . . . . . . . . . . . . . . . . 39 12.2.3. Key . . . . . . . . . . . . . . . . . . . . . . . . 39
12.2.4. Initialization Vector . . . . . . . . . . . . . . . 39 12.2.4. Initialization Vector . . . . . . . . . . . . . . . 39
12.2.5. Session Identifier . . . . . . . . . . . . . . . . . 39 12.2.5. Session Identifier . . . . . . . . . . . . . . . . . 39
12.2.6. Session Idle Timeout . . . . . . . . . . . . . . . . 40 12.2.6. Session Idle Timeout . . . . . . . . . . . . . . . . 40
12.2.7. Maximum Concurrent Resources . . . . . . . . . . . . 40 12.2.7. Maximum Concurrent Resources . . . . . . . . . . . . 40
12.2.8. Peak Flow Rate . . . . . . . . . . . . . . . . . . . 40 12.2.8. Peak Flow Rate . . . . . . . . . . . . . . . . . . . 40
12.2.9. Digest Algorithm . . . . . . . . . . . . . . . . . . 40 12.2.9. Digest Algorithm . . . . . . . . . . . . . . . . . . 40
12.2.10. Signature Algorithm . . . . . . . . . . . . . . . . 40 12.2.10. Signature Algorithm . . . . . . . . . . . . . . . . 40
12.2.11. Extension . . . . . . . . . . . . . . . . . . . . . 40
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 40 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 40
13.1. Normative References . . . . . . . . . . . . . . . . . . 40 13.1. Normative References . . . . . . . . . . . . . . . . . . 40
13.2. Informative References . . . . . . . . . . . . . . . . . 42 13.2. Informative References . . . . . . . . . . . . . . . . . 42
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 44 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 44
Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 44 Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 44
B.1. Session Advertisement . . . . . . . . . . . . . . . . . . 44 B.1. Session Advertisement . . . . . . . . . . . . . . . . . . 44
B.1.1. Source-specific Multicast QUIC Session . . . . . . . 44 B.1.1. Source-specific Multicast QUIC Session . . . . . . . 44
B.1.2. Source-specific Multicast QUIC Session with Transport B.1.2. Source-specific Multicast QUIC Session with Transport
Encryption using a Symmetric Key . . . . . . . . . . 45 Encryption using a Symmetric Key . . . . . . . . . . 45
B.1.3. Source-specific Multicast QUIC Session with Transport B.1.3. Source-specific Multicast QUIC Session with Transport
skipping to change at page 4, line 38 skipping to change at page 4, line 37
or Authenticity . . . . . . . . . . . . . . . . . . . 46 or Authenticity . . . . . . . . . . . . . . . . . . . 46
B.2.3. Transfer with Content Integrity and without B.2.3. Transfer with Content Integrity and without
Authenticity . . . . . . . . . . . . . . . . . . . . 47 Authenticity . . . . . . . . . . . . . . . . . . . . 47
B.2.4. Partial Transfer with Content Integrity and without B.2.4. Partial Transfer with Content Integrity and without
Authenticity . . . . . . . . . . . . . . . . . . . . 47 Authenticity . . . . . . . . . . . . . . . . . . . . 47
B.2.5. Transfer with Content Integrity and Authenticity . . 48 B.2.5. Transfer with Content Integrity and Authenticity . . 48
B.2.6. Partial Transfer with Content Integrity and B.2.6. Partial Transfer with Content Integrity and
Authenticity . . . . . . . . . . . . . . . . . . . . 49 Authenticity . . . . . . . . . . . . . . . . . . . . 49
Appendix C. Summary of differences from unicast QUIC and HTTP/3 50 Appendix C. Summary of differences from unicast QUIC and HTTP/3 50
Appendix D. Changelog . . . . . . . . . . . . . . . . . . . . . 61 Appendix D. Changelog . . . . . . . . . . . . . . . . . . . . . 61
D.1. Since draft-pardue-quic-http-mcast-04 . . . . . . . . . . 61 D.1. Since draft-pardue-quic-http-mcast-05 . . . . . . . . . . 61
D.2. Since draft-pardue-quic-http-mcast-03 . . . . . . . . . . 61 D.2. Since draft-pardue-quic-http-mcast-04 . . . . . . . . . . 62
D.3. Since draft-pardue-quic-http-mcast-02 . . . . . . . . . . 62 D.3. Since draft-pardue-quic-http-mcast-03 . . . . . . . . . . 62
D.4. Since draft-pardue-quic-http-mcast-01 . . . . . . . . . . 62 D.4. Since draft-pardue-quic-http-mcast-02 . . . . . . . . . . 63
D.5. Since draft-pardue-quic-http-mcast-00 . . . . . . . . . . 63 D.5. Since draft-pardue-quic-http-mcast-01 . . . . . . . . . . 63
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 63 D.6. Since draft-pardue-quic-http-mcast-00 . . . . . . . . . . 64
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 64
1. Introduction 1. Introduction
The means to bulk transfer resources over multicast IP [RFC1112] The means to bulk transfer resources over multicast IP [RFC1112]
using HTTP semantics presents an opportunity to more efficiently using HTTP semantics presents an opportunity to more efficiently
deliver services at scale, while leveraging the wealth of existing deliver services at scale, while leveraging the wealth of existing
HTTP-related standards, tools and applications. Audio-visual HTTP-related standards, tools and applications. Audio-visual
segmented media, in particular, would benefit from this mode of segmented media, in particular, would benefit from this mode of
transmission. transmission.
skipping to change at page 9, line 16 skipping to change at page 9, line 16
It is equally valid for a receiver to join a session in the Quiescent It is equally valid for a receiver to join a session in the Quiescent
state, triggering the transition to Half-Established. In this case, state, triggering the transition to Half-Established. In this case,
the transition to Fully-Established takes place only when a sender the transition to Fully-Established takes place only when a sender
joins the session. joins the session.
2.1.2. Session Termination 2.1.2. Session Termination
A session enters the Finished state when all participants leave it. A session enters the Finished state when all participants leave it.
The methods for leaving a session are either explicit shutdown The methods for leaving a session are either explicit shutdown
(Section 5.5), implicit shutdown (i.e. idle timeout, Section 3.4) or (Section 5.4), implicit shutdown (i.e. idle timeout, Section 3.3) or
migration away (described in the next section). migration away (described in the next section).
In a typical case, a session that is in the Fully-Established state In a typical case, a session that is in the Fully-Established state
would be closed in two stages. In the first stage the sender sends would be closed in two stages. In the first stage the sender sends
explicit shutdown messages to the multicast group and subsequently explicit shutdown messages to the multicast group and subsequently
stops transmitting packets. This causes the session to transition stops transmitting packets. This causes the session to transition
from Fully-Established to Half-Established. In the second stage, from Fully-Established to Half-Established. In the second stage,
receivers that have received explicit shutdown messages leave the receivers that have received explicit shutdown messages leave the
multicast group. Once all receivers have left the session it multicast group. Once all receivers have left the session it
transitions from Half-Established to Finished. transitions from Half-Established to Finished.
skipping to change at page 10, line 42 skipping to change at page 10, line 42
Assignment of Session ID is considered out of this document's scope. Assignment of Session ID is considered out of this document's scope.
The Session ID is carried in the Destination Connection ID field of The Session ID is carried in the Destination Connection ID field of
the QUIC packet (see Section 4.3). Source Connection IDs are not the QUIC packet (see Section 4.3). Source Connection IDs are not
used. used.
The maximum size of a Session ID is 160 bits. The size of the The maximum size of a Session ID is 160 bits. The size of the
Destination Connection ID field used to convey the Session ID SHALL Destination Connection ID field used to convey the Session ID SHALL
be the smallest number of full bytes required to represent the full be the smallest number of full bytes required to represent the full
Session ID value advertised in the "session-id" session parameter Session ID value advertised in the "session-id" session parameter
(Section 10.2.5). If no "session-id" parameter is advertised, then (Section 10.2.4). If no "session-id" parameter is advertised, then
this session has no explicit session ID, and the Destination this session has no explicit session ID, and the Destination
Connection ID field SHALL be omitted from all QUIC packets related to Connection ID field SHALL be omitted from all QUIC packets related to
the session. the session.
A multicast sender participating in a session with an advertised A multicast sender participating in a session with an advertised
"session-id" session parameter MUST send QUIC packets with a matching "session-id" session parameter MUST send QUIC packets with a matching
Session ID. Conversely, a multicast sender participating in a Session ID. Conversely, a multicast sender participating in a
session without an advertised "session-id" session parameter MUST NOT session without an advertised "session-id" session parameter MUST NOT
send QUIC packets with a Destination Connection ID field. send QUIC packets with a Destination Connection ID field.
A multicast receiver participating in a session with an advertised A multicast receiver participating in a session with an advertised
"session-id" session parameter MUST validate that the Session ID of "session-id" session parameter MUST validate that the Session ID of
received QUIC packets matches that advertised in the session received QUIC packets matches that advertised in the session
parameters (Section 10.2.5) before any HTTP-level processing is done. parameters (Section 10.2.4) before any HTTP-level processing is done.
In the case of validation failure, the receiver SHOULD ignore the In the case of validation failure, the receiver SHOULD ignore the
packet in order to protect itself from denial-of-service attacks. packet in order to protect itself from denial-of-service attacks.
2.4. Session Security 2.4. Session Security
*Authors' Note:* Security handshake (as described in WG documents) *Authors' Note:* Security handshake (as described in WG documents)
is in flux. This section will track developments and will be is in flux. This section will track developments and will be
updated accordingly. updated accordingly.
The QUIC cryptographic handshake ([QUIC-TRANSPORT] and [QUIC-TLS]) The QUIC cryptographic handshake ([QUIC-TRANSPORT] and [QUIC-TLS])
sets out methods to achieve the goals of authenticated key exchange sets out methods to achieve the goals of authenticated key exchange
and QUIC packet protection between two endpoints forming a QUIC and QUIC packet protection between two endpoints forming a QUIC
connection. The design facilitates low-latency connection; 1-RTT or connection. The design facilitates low-latency connection; 1-RTT or
0-RTT. This specification replaces the in-band security handshake, 0-RTT. This specification replaces the in-band security handshake,
achieving similar goals through the use of session parameters achieving similar goals through the use of session parameters
described in Section 3.2. described in Section 3.1.
Integrity and authenticity concerns are addressed in Section 6.1 and Integrity and authenticity concerns are addressed in Section 6.1 and
Section 6.2 respectively. In order to protect themselves from attack Section 6.2 respectively. In order to protect themselves from attack
vectors, endpoints SHOULD NOT participate in sessions for which they vectors, endpoints SHOULD NOT participate in sessions for which they
cannot establish reasonable confidence over the cipher suite or key cannot establish reasonable confidence over the cipher suite or key
in use for that session. Participants MAY leave any session that in use for that session. Participants MAY leave any session that
fails to successfully match anticipated security characteristics. fails to successfully match anticipated security characteristics.
3. Session Advertisement 3. Session Advertisement
skipping to change at page 12, line 24 skipping to change at page 12, line 24
and integrity of the Alt-Svc information. This addresses some of the and integrity of the Alt-Svc information. This addresses some of the
concerns around the protection of session establishment described in concerns around the protection of session establishment described in
Section 11.2. Section 11.2.
*Authors' Note:* We invite review comments on mandating the use of *Authors' Note:* We invite review comments on mandating the use of
a secure transport for advertising sessions. a secure transport for advertising sessions.
Senders MAY also advertise the availability of alternative sessions Senders MAY also advertise the availability of alternative sessions
by carrying Alt-Svc in a multicast QUIC session. by carrying Alt-Svc in a multicast QUIC session.
3.1. Version Advertisement 3.1. Security Context
*Authors' Note:* Version negotiation (as described in WG
documents) is in flux. This section will track developments and
will be updated accordingly.
Conventional QUIC has a concept of version negotiation. To start a
session, a client selects a version number and sends a packet to
initiate the connection. On receipt, if the server identifies that
it does not support that version then it may begin version
negotiation. In a unidirectional multicast environment, there is no
reasonable way to negotiate in such a manner. [QUIC-HTTP] defines an
Alt-Svc "quic" parameter that can be advertised to clients for use as
a version negotiation hint. This specification uses "quic" as a
session parameter for a similar purpose. This mechanism replaces the
use of the Version field in the QUIC packet long header (see
Section 4.2).
The Alt-Svc "quic" parameter is mandatory. Session advertisements
MUST contain exactly one instance of it and it MUST NOT be repeated.
A multicast sender participating in a session MUST send QUIC packets
and frames in the format corresponding to the advertised version. If
the sender does not support the advertised version it MUST NOT send
any data. A receiver MUST NOT join a session where the "quic"
parameter is absent. A receiver SHOULD NOT join a session for which
it does not support the advertised version, in order to avoid wasting
processing resources.
3.2. Security Context
*Authors' Note:* Security handshake (as described in WG documents) *Authors' Note:* Security handshake (as described in WG documents)
is in flux. This section will track developments and will be is in flux. This section will track developments and will be
updated accordingly. updated accordingly.
This specification replaces the in-band security handshake. The This specification replaces the in-band security handshake. The
session parameters "cipher suite", "key" and "iv" (described below) session parameters "cipher suite", "key" and "iv" (described below)
allow for the establishment of a security context. In order to allow for the establishment of a security context. In order to
protect themselves, endpoints SHOULD NOT participate in sessions for protect themselves, endpoints SHOULD NOT participate in sessions for
which they cannot establish reasonable confidence over the cipher which they cannot establish reasonable confidence over the cipher
suite, key, or IV in use for that session. Endpoints SHOULD leave suite, key, or IV in use for that session. Endpoints SHOULD leave
any sessions which fail to successfully match anticipated security any sessions which fail to successfully match anticipated security
characteristics. characteristics.
3.2.1. Cipher Suite 3.1.1. Cipher Suite
Cipher suite negotiation is replaced with a "cipher suite" session Cipher suite negotiation is replaced with a "cipher suite" session
parameter, which is advertised as the Alt-Svc parameter "cipher- parameter, which is advertised as the Alt-Svc parameter "cipher-
suite" (Section 10.2.2). suite" (Section 10.2.1).
The Alt-Svc "cipher-suite" parameter is OPTIONAL. If present, this The Alt-Svc "cipher-suite" parameter is OPTIONAL. If present, this
parameter MUST contain only one value that corresponds to an entry in parameter MUST contain only one value that corresponds to an entry in
the TLS Cipher Suite Registry (see http://www.iana.org/assignments/ the TLS Cipher Suite Registry (see http://www.iana.org/assignments/
tls-parameters/tls-parameters.xhtml#tls-parameters-4). Session tls-parameters/tls-parameters.xhtml#tls-parameters-4). Session
advertisments that omit this parameter imply that the session is advertisements that omit this parameter imply that the session is
operating with cipher suite 0x00,0x00 (NULL_WITH_NULL_NULL). operating with cipher suite 0x00,0x00 (NULL_WITH_NULL_NULL).
3.2.2. Key Exchange 3.1.2. Key Exchange
Key exchange is replaced with a "key" session parameter, which is Key exchange is replaced with a "key" session parameter, which is
advertised as the Alt-Svc parameter "key" (Section 10.2.3). The advertised as the Alt-Svc parameter "key" (Section 10.2.2). The
parameter carries a variable-length hex-encoded key for use with the parameter carries a variable-length hex-encoded key for use with the
session cipher suite. session cipher suite.
The Alt-Svc "key" parameter is OPTIONAL. Session advertisments that The Alt-Svc "key" parameter is OPTIONAL. Session advertisements that
omit this parameter imply that the key may be available via an out- omit this parameter imply that the key may be available via an out-
of-band method not described in this document. of-band method not described in this document.
3.2.3. Initialization Vector 3.1.3. Initialization Vector
Initialization Vector (IV) exchange is replaced with an "iv" session Initialization Vector (IV) exchange is replaced with an "iv" session
parameter, which is advertised as the Alt-Svc parameter "iv" parameter, which is advertised as the Alt-Svc parameter "iv"
(Section 10.2.4). The parameter carries a variable-length hex- (Section 10.2.3). The parameter carries a variable-length hex-
encoded IV for use with the session cipher suite and key. encoded IV for use with the session cipher suite and key.
The Alt-Svc "iv" parameter is OPTIONAL. Session advertisments that The Alt-Svc "iv" parameter is OPTIONAL. Session advertisements that
omit this parameter imply that the IV may be available via an out-of- omit this parameter imply that the IV may be available via an out-of-
band method not described in this document. band method not described in this document.
3.3. Session Identification 3.2. Session Identification
[QUIC-TRANSPORT] specifies how the QUIC connection identifiers are [QUIC-TRANSPORT] specifies how the QUIC connection identifiers are
used, in particular the independent selection of these identfiers by used, in particular the independent selection of these identifiers by
each endpoint for its peer. In a unidirectional multicast each endpoint for its peer. In a unidirectional multicast
environment, there is no meaningful way for an endpoint to generate a environment, there is no meaningful way for an endpoint to generate a
connection identifier for its peer to use. This document defines a connection identifier for its peer to use. This document defines a
"session identifier" session parameter, which is advertised as the "session identifier" session parameter, which is advertised as the
Alt-Svc parameter "session-id" (Section 10.2.5). The requirements Alt-Svc parameter "session-id" (Section 10.2.4). The requirements
for the usage of session identifiers have already been described in for the usage of session identifiers have already been described in
Section 2.3. Section 2.3.
The Alt-Svc "session-id" parameter is optional. Session The Alt-Svc "session-id" parameter is optional. Session
advertisements MAY contain zero or more instances. The parameter MAY advertisements MAY contain at most one instance of a "session-id"
be repeated with different values, indicating that multiple sessions parameter. Session advertisements that identify the same Any Source
are multiplexed in the same multicast group. Multicast group {G} or Source Specific Multicast group {S,G} indicate
that multiple sessions are multiplexed in the same multicast group
*Authors' Note:* We invite review comments on mandating a single and each such advertisement must carry a unique "session-id".
session identifier per advertised session, i.e. only one session
identifier per ASM {G} or SSM {S,G}.
3.4. Session Idle Timeout 3.3. Session Idle Timeout
Conventional QUIC connections may be implicitly terminated following Conventional QUIC connections may be implicitly terminated following
a period of idleness (lack of network activity). The optional QUIC a period of idleness (lack of network activity). The optional QUIC
TransportParameter "idle_timeout" provides a means for endpoints to TransportParameter "max_idle_timeout" provides a means for endpoints
specify the timeout period. This document defines a "session idle to specify the timeout period. This document defines a "session idle
timeout" session parameter, which is advertised as the Alt-Svc timeout" session parameter, which is advertised as the Alt-Svc
parameter "session-idle-timeout" (Section 10.2.6). This session parameter "session-idle-timeout" (Section 10.2.5). This session
parameter mimics the behaviour of "idle_timeout", providing a means parameter mimics the behaviour of "max_idle_timeout", providing a
for multicast QUIC sessions to define their own idle timeout periods. means for multicast QUIC sessions to define their own idle timeout
periods.
Session idle timeout may be prevented by keep-alive strategies Session idle timeout may be prevented by keep-alive strategies
Section 4.10. Section 4.10.
The Alt-Svc "session-idle-timeout" parameter is optional. Session The Alt-Svc "session-idle-timeout" parameter is optional. Session
advertisements MAY contain zero or more instances of this parameter. advertisements MAY contain zero or more instances of this parameter.
If it is repeated, the first occurrence MUST be used and subsequent If it is repeated, the first occurrence MUST be used and subsequent
occurrences MUST be ignored. Session advertisements that omit the occurrences MUST be ignored. Session advertisements that omit the
"session-idle-timeout" parameter, or set it to zero never time out. "session-idle-timeout" parameter, or set it to zero never time out.
Receiving participants SHOULD leave multicast QUIC sessions when the Receiving participants SHOULD leave multicast QUIC sessions when the
session idle timeout period has elapsed (Section 4.7). Leaving session idle timeout period has elapsed (Section 4.7). Leaving
participants MUST use the silent close method, in which no QUIC participants MUST use the silent close method, in which no QUIC
"CONNECTION_CLOSE" frame is sent. "CONNECTION_CLOSE" frame is sent.
3.5. Session Peak Flow Rate 3.4. Session Peak Flow Rate
[QUIC-TRANSPORT] specifies a credit-based stream- and connection- [QUIC-TRANSPORT] specifies a credit-based stream- and connection-
level flow control scheme which prevents a fast sender from level flow control scheme which prevents a fast sender from
overwhelming a slow receiver at the stream level, as well as an overwhelming a slow receiver at the stream level, as well as an
aggregate level of all streams. Window size connection parameters aggregate level of all streams. Window size connection parameters
are exchanged on connection establishment using the required QUIC are exchanged on connection establishment using the required QUIC
TransportParameters "initial_max_data", TransportParameters "initial_max_data",
"initial_max_stream_data_bidi_local", "initial_max_stream_data_bidi_local",
"initial_max_stream_data_bidi_remote" and "initial_max_stream_data_bidi_remote" and
"initial_max_stream_data_uni". In a unidirectional multicast "initial_max_stream_data_uni". In a unidirectional multicast
environment, such a scheme is infeasible. environment, such a scheme is infeasible.
This document defines a "peak flow rate" session parameter, expressed This document defines a "peak flow rate" session parameter, expressed
in units of bits per second, which is advertised as the Alt-Svc in units of bits per second, which is advertised as the Alt-Svc
parameter "peak-flow-rate" (Section 10.2.8). This completely parameter "peak-flow-rate" (Section 10.2.7). This completely
replaces the transport parameters listed above, instead indicating replaces the transport parameters listed above, instead indicating
the maximum bit rate of QUIC "STREAM" frame payloads transmitted on the maximum bit rate of QUIC payloads transmitted on all multicast
all multicast groups comprising the session. It applies at the groups comprising the session. It applies at the aggregate level,
aggregate level, and is not specific to any single stream. and is not specific to any single stream.
The Alt-Svc "peak-flow-rate" parameter is OPTIONAL. If the parameter The Alt-Svc "peak-flow-rate" parameter is OPTIONAL. If the parameter
is repeated the first occurrence MUST be used and subsequent is repeated the first occurrence MUST be used and subsequent
occurrences MUST be ignored. Session advertisements that omit the occurrences MUST be ignored. Session advertisements that omit the
parameter imply that the flow rate is unlimited. parameter imply that the flow rate is unlimited.
A multicast sender SHOULD NOT cause the advertised peak flow rate of A multicast sender SHOULD NOT cause the advertised peak flow rate of
a session to be exceeded. A receiver MAY leave any session where the a session to be exceeded. A receiver MAY leave any session where the
advertised peak flow rate is exceeded. advertised peak flow rate is exceeded.
3.6. Resource Concurrency 3.5. Resource Concurrency
[QUIC-TRANSPORT] considers concurrency in terms of the number of [QUIC-TRANSPORT] considers concurrency in terms of the number of
active incoming streams, which is varied by the receiving endpoint active incoming streams, which is varied by the receiving endpoint
adjusting the maximum Stream ID. The initial value of maximum Stream adjusting the maximum Stream ID. The initial value of maximum Stream
ID is controlled by the relevant required QUIC TransportParameters ID is controlled by the relevant required QUIC TransportParameters
"initial_max_streams_bidi" and "initial_max_streams_uni". They are "initial_max_streams_bidi" and "initial_max_streams_uni". They are
increased during the lifetime of a QUIC connection by the QUIC increased during the lifetime of a QUIC connection by the QUIC
"MAX_STREAMS" frame. In a unidirectional multicast environment, "MAX_STREAMS" frame. In a unidirectional multicast environment,
there is no way for a receiver to specify an initial limit nor to there is no way for a receiver to specify an initial limit nor to
increase it. Therefore in multicast QUIC, the maximum Stream ID increase it. Therefore in multicast QUIC, the maximum Stream ID
(initial and always) is 2^62. This mechanism is not used to manage (initial and always) is 2^62. This mechanism is not used to manage
concurrency in multicast QUIC. concurrency in multicast QUIC.
Due to the profiling of maximum Stream ID, there is no role for the Due to the profiling of maximum Stream ID, there is no role for the
QUIC "STREAMS_BLOCKED" frame and it is prohibited. Participants MUST QUIC "STREAMS_BLOCKED" frame and it is prohibited. Participants MUST
NOT send this frame type. Reception of this frame type MUST be NOT send this frame type. Reception of this frame type MUST be
handled as described in Section 4.12. handled as described in Section 4.12.
This document specifies a "maximum concurrent resources" session This document specifies a "maximum concurrent resources" session
parameter, which is advertised as the Alt-Svc parameter "max- parameter, which is advertised as the Alt-Svc parameter "max-
concurrent-resources" (Section 10.2.7). This parameter replaces concurrent-resources" (Section 10.2.6). This parameter replaces
"initial_max_stream_id_bidi" and "initial_max_stream_id_uni". It "initial_max_stream_id_bidi" and "initial_max_stream_id_uni". It
advertises the maximum number of concurrent active resources advertises the maximum number of concurrent active resources
generated by a sender in a given multicast QUIC session. generated by a sender in a given multicast QUIC session.
The Alt-Svc "max-concurrent-resources" parameter is OPTIONAL. If the The Alt-Svc "max-concurrent-resources" parameter is OPTIONAL. If the
parameter is repeated the first occurrence MUST be used and parameter is repeated the first occurrence MUST be used and
subsequent occurrences MUST be ignored. Session advertisements that subsequent occurrences MUST be ignored. Session advertisements that
omit the parameter imply that the maximum concurrency is unlimited. omit the parameter imply that the maximum concurrency is unlimited.
A multicast sender participating in a session MUST NOT cause the A multicast sender participating in a session MUST NOT cause the
advertised "max-concurrent-resources" to be exceeded. A receiver MAY advertised "max-concurrent-resources" to be exceeded. A receiver MAY
leave any session where the advertised limit is exceeded, in order to leave any session where the advertised limit is exceeded, in order to
protect itself from denial-of-service attacks. protect itself from denial-of-service attacks.
3.7. Additional TransportParameter Considerations 3.6. Additional TransportParameter Considerations
*Authors' Note:* This section will consider TransportParameters *Authors' Note:* This section will consider TransportParameters
that have not already been addressed, as required. It will track that have not already been addressed, as required. It will track
developments and issues that may arise. developments and issues that may arise.
3.8. Digest Algorithm Section 19.21 of [QUIC-TRANSPORT] defines a mechanism for endpoints
to show willingness to receive one or more extension frame types. It
is not possible for multicast QUIC receivers to signal this
information to senders.
This document defines an "extensions" session parameter, which is
advertised as the Alt-Svc parameter "extensions" Section 10.2.10 and
replaces the transport parameter exchange detailed above. The Alt-
Svc "extensions" parameter is optional. Session advertisements MAY
contain zero or more instances of this parameter. The parameter
lists transport parameter values present in the QUIC Transport
Parameter Registry as specified in Section 22.2 of [QUIC-TRANSPORT].
Only transport parameters which expressly reference Multicast QUIC
are considered valid extension parameters.
*Authors' Note:* The authors welcome suggestions for how to map
these extension types more cleanly into this document.
Participants SHOULD NOT join sessions advertising extensions that
they do not support, as QUIC frames are not self-describing.
3.7. Digest Algorithm
A method to provide content integrity is described in Section 6.1. A method to provide content integrity is described in Section 6.1.
This specifies the means to convey a value computed by a particular This specifies the means to convey a value computed by a particular
digest algorithm. The identity of the selected algorithm is also digest algorithm. The identity of the selected algorithm is also
indicated. Valid digest algorithms are collected in the IANA HTTP indicated. Valid digest algorithms are collected in the IANA HTTP
Digest Algorithm Values registry (http://www.iana.org/assignments/ Digest Algorithm Values registry (http://www.iana.org/assignments/
http-dig-alg/http-dig-alg.xhtml#http-dig-alg-1). http-dig-alg/http-dig-alg.xhtml#http-dig-alg-1).
This document specifies a "digest algorithm" session parameter, which This document specifies a "digest algorithm" session parameter, which
is advertised as the Alt-Svc parameter "digest-algorithm" is advertised as the Alt-Svc parameter "digest-algorithm"
(Section 10.2.9). (Section 10.2.8).
*Authors' Note:* Section 6.1 contains an author's note on the *Authors' Note:* Section 6.1 contains an author's note on the
potential for content integrity to become mandatory. This section potential for content integrity to become mandatory. This section
will be updated in line with the outcome of that decision. will be updated in line with the outcome of that decision.
The Alt-Svc "digest-algorithm" parameter is OPTIONAL. Repetition of The Alt-Svc "digest-algorithm" parameter is OPTIONAL. Repetition of
the "digest algorithm" parameter in a single advertisement describes the "digest algorithm" parameter in a single advertisement describes
an algorithm set that MAY be used across the session. Session an algorithm set that MAY be used across the session. Session
advertisements that omit the Alt-Svc parameter "digest-algorithm" advertisements that omit the Alt-Svc parameter "digest-algorithm"
imply that either: imply that either:
skipping to change at page 17, line 23 skipping to change at page 17, line 12
Advertising the algorithm set for a session gives receivers the Advertising the algorithm set for a session gives receivers the
opportunity to selectively join sessions where the algorithms are opportunity to selectively join sessions where the algorithms are
known to be supported. This may help to mitigate latency issues in known to be supported. This may help to mitigate latency issues in
the receiver resulting from joining a session only to discover some the receiver resulting from joining a session only to discover some
of its parameters are not supported. of its parameters are not supported.
A multicast sender participating in a session MUST NOT use algorithms A multicast sender participating in a session MUST NOT use algorithms
outside the signalled digest algorithm set. A receiver MAY leave any outside the signalled digest algorithm set. A receiver MAY leave any
session where an algorithm outside the digest algorithm set is used. session where an algorithm outside the digest algorithm set is used.
3.9. Signature Algorithm 3.8. Signature Algorithm
A method to provide content authenticity is described in Section 6.2. A method to provide content authenticity is described in Section 6.2.
This specifies the means to convey a value computed by a particular This specifies the means to convey a value computed by a particular
signature algorithm. The identity of the selected algorithm is also signature algorithm. The identity of the selected algorithm is also
indicated. Valid signature algorithms are collected in the IANA indicated. Valid signature algorithms are collected in the IANA
Signature Algorithms registry (http://www.iana.org/assignments/ Signature Algorithms registry (http://www.iana.org/assignments/
signature-algorithms). signature-algorithms).
This document specifies a "signature algorithm" session parameter, This document specifies a "signature algorithm" session parameter,
which is advertised as the Alt-Svc parameter "signature-algorithm" which is advertised as the Alt-Svc parameter "signature-algorithm"
(Section 10.2.10). (Section 10.2.9).
*Authors' Note:* Section 6.2 contains an author's note on the *Authors' Note:* Section 6.2 contains an author's note on the
potential for content authenticity to become mandatory. This potential for content authenticity to become mandatory. This
section will be updated in line with the outcome of that decision. section will be updated in line with the outcome of that decision.
The Alt-Svc "signature-algorithm" parameter is OPTIONAL. Repetition The Alt-Svc "signature-algorithm" parameter is OPTIONAL. Repetition
of the "signature algorithm" parameter in a single advertisement of the "signature algorithm" parameter in a single advertisement
describes an algorithm set that MAY be used across the session. describes an algorithm set that MAY be used across the session.
Session advertisements that omit the Alt-Svc parameter "signature- Session advertisements that omit the Alt-Svc parameter "signature-
algorithm" imply that either: algorithm" imply that either:
skipping to change at page 18, line 20 skipping to change at page 18, line 9
A multicast sender participating in a session MUST NOT use algorithms A multicast sender participating in a session MUST NOT use algorithms
outside the signalled signature algorithm set. A receiver MAY leave outside the signalled signature algorithm set. A receiver MAY leave
any session where an algorithm outside the signature algorithm set is any session where an algorithm outside the signature algorithm set is
used. used.
4. QUIC Profile 4. QUIC Profile
*Authors' Note:* The QUIC transport document is subject to change. *Authors' Note:* The QUIC transport document is subject to change.
This section is based on our best understanding of draft-ietf- This section is based on our best understanding of draft-ietf-
quic-transport-08. The authors will track developments and will quic-transport-25. The authors will track developments and will
update this section accordingly. update this section accordingly.
The profile of [QUIC-TRANSPORT] is presented in this section. In The profile of [QUIC-TRANSPORT] is presented in this section. In
order to preserve compatibility with conventional QUIC, the order to preserve compatibility with conventional QUIC, the
specification works with a limited scope of change. However, the specification works with a limited scope of change. However, the
nature of unidirectional multicast communications means that some nature of unidirectional multicast communications means that some
protocol procedures or behaviours need to be modified. protocol procedures or behaviours need to be modified.
Section 5.4 of [QUIC-TRANSPORT] defines a set of required actions
that a QUIC server and QUIC client must be able to perform. Due to
the limitations of this profile, all of the requirements in
Section 5.4 of [QUIC-TRANSPORT] are removed except for:
o Configuring the minimum and total number of permitted streams of
each type is described in Section 3.5.
o Multicast QUIC senders may still send "PING" frames to stop a
session from expiring as described in Section 4.10.
4.1. Packet Size 4.1. Packet Size
The means for determining an appropriate size for QUIC packets are The means for determining an appropriate size for QUIC packets are
described in Section 14 of [QUIC-TRANSPORT]. Implementations of this described in Section 14 of [QUIC-TRANSPORT]. Implementations of this
specification SHOULD bear in mind that the Path Maximum Transmission specification SHOULD bear in mind that the Path Maximum Transmission
Unit (PTMU) may be affected by multicast IP technologies such as Unit (PTMU) may be affected by multicast IP technologies such as
Automatic Multicast Tunneling (AMT) [RFC7450]. Additionally, Automatic Multicast Tunneling (AMT) [RFC7450]. Additionally,
consideration should be given toward the applicability of maximum consideration should be given toward the applicability of maximum
transmission unit discovery methods (such as PLPMTUD [RFC4821] and transmission unit discovery methods (such as PLPMTUD [RFC4821] and
PMTUD [RFC1191]) to multicast IP. PMTUD [RFC1191]) to multicast IP.
skipping to change at page 19, line 7 skipping to change at page 19, line 7
same UDP datagram. Therefore, all UDP datagrams sent by senders same UDP datagram. Therefore, all UDP datagrams sent by senders
conforming to this profile contain exactly one QUIC packet. conforming to this profile contain exactly one QUIC packet.
4.2.1. Packet Numbers 4.2.1. Packet Numbers
All packets for this profile SHALL be numbered in the application All packets for this profile SHALL be numbered in the application
data packet number space. The initial and handshake packet number data packet number space. The initial and handshake packet number
spaces are not used by this profile, as the handshake is replaced by spaces are not used by this profile, as the handshake is replaced by
an out-of-band mechanism (see Section 2.4). an out-of-band mechanism (see Section 2.4).
Because a recevier may join a session after the sender has already The encoding of packet numbers in QUIC packets is described in
sent several packets, it MUST NOT assume that the first packet number Section 17.1 of [QUIC-TRANSPORT]. Senders must always use the same
will be 0. number of bytes to represent the packet number for all packets sent
to a session. Because a receiver may join a session after the sender
has already sent several packets, it MUST NOT assume that the first
packet number will be 0.
4.2.2. Spin Bit 4.2.2. Spin Bit
[QUIC-TRANSPORT] specifies a bit in the short packet header as the [QUIC-TRANSPORT] specifies a bit in the short packet header as the
latency spin bit that may be used to measure network round trip latency spin bit that may be used to measure network round trip
latency between a client and a server. This mechanism is not usable latency between a client and a server. This mechanism is not usable
in a unidirectional multicast packet flow. Senders SHALL set the in a unidirectional multicast packet flow. Senders SHALL set the
spin bit to zero in all packets. Receivers SHOULD ignore the spin spin bit to zero in all packets. Receivers SHOULD ignore the spin
bit. bit.
*Authors' Note:* The authors welcome suggestions for the use of *Authors' Note:* The authors welcome suggestions for the use of
the spin bit in a multicast context. the spin bit in a multicast context.
4.3. Connection Identifier 4.3. Connection Identifier
The Destination Connection ID field MUST be present in every QUIC The Destination Connection ID field MUST be present in every QUIC
packet if the session was advertised with a "session-id" session packet if the session was advertised with a "session-id" session
parameter (Section 10.2.5). If there is no Session ID session parameter (Section 10.2.4). If there is no Session ID session
parameter, then the Destination Connection ID MUST NOT be present in parameter, then the Destination Connection ID MUST NOT be present in
any QUIC packet for that session. In the case where multiple any QUIC packet for that session. In the case where multiple
sessions are multiplexed on the same 5-tuple network association, the sessions are multiplexed on the same 5-tuple network association, the
Destination Connection ID field MUST be present in every QUIC packet Destination Connection ID field MUST be present in every QUIC packet
and must be distinct for each session. and must be distinct for each session.
4.4. Stream Identifier 4.4. Stream Identifier
The maximum Stream ID of a multicast QUIC session is 2^62, as The maximum Stream ID of a multicast QUIC session is 2^62, as
explained in Section 3.6. With the exception of the first client- explained in Section 3.5. With the exception of the first client-
initiated request Stream ID, which is reserved as described in initiated request Stream ID, which is reserved as described in
Section 5.2, all Stream ID values SHALL be of the server-initiated Section 5.2, all Stream ID values SHALL be of the server-initiated
unidirectional stream type. unidirectional stream type.
4.5. Flow Control 4.5. Flow Control
Conventional QUIC provides stream- and connection-level flow control, Conventional QUIC provides stream- and connection-level flow control,
and endpoints manage this by sending QUIC "MAX_DATA" or and endpoints manage this by sending QUIC "MAX_DATA" or
"MAX_STREAM_DATA" frames as required. When a sender is blocked from "MAX_STREAM_DATA" frames as required. When a sender is blocked from
sending flow-controlled frames, it sends an informational QUIC sending flow-controlled frames, it sends an informational QUIC
skipping to change at page 20, line 31 skipping to change at page 20, line 34
4.7. Connection Shutdown 4.7. Connection Shutdown
Explicit shutdown of a multicast QUIC session using QUIC methods is Explicit shutdown of a multicast QUIC session using QUIC methods is
not supported by this profile. not supported by this profile.
The QUIC "APPLICATION_CLOSE" and "CONNECTION_CLOSE" frames, and the The QUIC "APPLICATION_CLOSE" and "CONNECTION_CLOSE" frames, and the
Stateless Reset packet are prohibited. Participants MUST NOT send Stateless Reset packet are prohibited. Participants MUST NOT send
these and reception MUST be handled as described in Section 4.12. these and reception MUST be handled as described in Section 4.12.
Explicit session tear-down using HTTP semantics is allowed, as Explicit session tear-down using HTTP semantics is allowed, as
described in Section 5.5. described in Section 5.4.
Implicit shutdown by means of silent close is also supported, as Implicit shutdown by means of silent close is also supported, as
described in Section 3.4. described in Section 3.3.
4.8. Connection Migration 4.8. Connection Migration
[QUIC-TRANSPORT] has a connection migration feature that allows a [QUIC-TRANSPORT] has a connection migration feature that allows a
connection to survive changes to endpoint addresses. This profile connection to survive changes to endpoint addresses. This profile
does not currently support connection migration, and as such the QUIC does not currently support connection migration, and as such the QUIC
"NEW_CONNECTION_ID" and "RETIRE_CONNECTION_ID" frames are prohibited. "NEW_CONNECTION_ID" and "RETIRE_CONNECTION_ID" frames are prohibited.
Similarly, the QUIC "PATH_CHALLENGE" and "PATH_RESPONSE" frames are Similarly, the QUIC "PATH_CHALLENGE" and "PATH_RESPONSE" frames are
also prohibited, but additionally because they require bidirectional also prohibited, but additionally because they require bidirectional
capability that this profile does not provide. capability that this profile does not provide.
Endpoints participating in a session conforming to this profile Endpoints participating in a session conforming to this profile MUST
should only expect to use a single session ID for the duration of the only use a single session ID for the duration of the session, and as
session, and as such there is no mapping for the such there is no mapping for the "active_connection_id_limit"
"active_connection_id_limit" transport parameter specified in section transport parameter specified in section 5.1.1 of [QUIC-TRANSPORT] in
5.1.1 of [QUIC-TRANSPORT] in this profile. this profile.
*Author's Note*: Seamless migration from one multicast QUIC *Author's Note*: Seamless migration from one multicast QUIC
session to another is described in Section 2.1.3. session to another is described in Section 2.1.3.
4.9. Explicit Congestion Notification 4.9. Explicit Congestion Notification
[QUIC-TRANSPORT] specifies that clients may use Explicit Congestion [QUIC-TRANSPORT] specifies that clients may use Explicit Congestion
Notification (ECN) [RFC3168]. ECN allows receivers to inform senders Notification (ECN) [RFC3168]. ECN allows receivers to inform senders
of impending congestion before packets are dropped, and the sender of impending congestion before packets are dropped, and the sender
may then reduce its transmission rate. As ECN requires bidirectional may then reduce its transmission rate. As ECN requires bidirectional
skipping to change at page 22, line 12 skipping to change at page 22, line 12
Section 7 specifies alternative strategies for loss recovery. Section 7 specifies alternative strategies for loss recovery.
4.12. Prohibited QUIC Frames and Packets 4.12. Prohibited QUIC Frames and Packets
The following QUIC packets MUST NOT be transmitted by participants: The following QUIC packets MUST NOT be transmitted by participants:
Any packets with a long header (Initial, 0-RTT Protected, Handshake, Any packets with a long header (Initial, 0-RTT Protected, Handshake,
Retry), Version Negotiation, Stateless Reset. Retry), Version Negotiation, Stateless Reset.
The following QUIC frames MUST NOT be transmitted by participants: The following QUIC frames MUST NOT be transmitted by participants:
"ACK", "CONNECTION_CLOSE", "CRYPTO", "DATA_BLOCKED", "MAX_DATA", "ACK", "CONNECTION_CLOSE", "CRYPTO", "DATA_BLOCKED",
"MAX_STREAM_DATA", "MAX_STREAMS", "NEW_CONNECTION_ID", "NEW_TOKEN", "HANDSHAKE_DONE", "MAX_DATA", "MAX_STREAM_DATA", "MAX_STREAMS",
"PATH_CHALLENGE", "PATH_RESPONSE", "RETIRE_CONNECTION_ID", "NEW_CONNECTION_ID", "NEW_TOKEN", "PATH_CHALLENGE", "PATH_RESPONSE",
"STOP_SENDING", "STREAM_DATA_BLOCKED", "STREAMS_BLOCKED". "RETIRE_CONNECTION_ID", "STOP_SENDING", "STREAM_DATA_BLOCKED",
"STREAMS_BLOCKED".
In addition, any QUIC extension frames not advertised in the session
advertisement Section 3.6 MUST NOT be transmitted by participants.
The following QUIC frames MUST NOT be transmitted by receivers: The following QUIC frames MUST NOT be transmitted by receivers:
"PING", "RESET_STREAM". "PING", "RESET_STREAM".
Reception of a prohibited QUIC frame or packet is a protocol error. Reception of a prohibited or non-advertised QUIC frame or packet is a
Receivers MUST ignore all prohibited QUIC frames and packets. protocol error. Receivers MUST ignore all prohibited QUIC frames and
packets.
5. HTTP/3 Profile 5. HTTP/3 Profile
*Authors' Note:* The HTTP/3 mapping document is subject to change. *Authors' Note:* The HTTP/3 mapping document is subject to change.
This section is based on our best understanding of draft-ietf- This section is based on our best understanding of draft-ietf-
quic-http-17. The authors will track developments and will update quic-http-25. The authors will track developments and will update
this section accordingly. this section accordingly.
HTTP over multicast QUIC depends on HTTP server push, as described in HTTP over multicast QUIC depends on HTTP server push, as described in
Section 4.4 of [QUIC-HTTP]. Section 5.2 below applies an additional Section 4.4 of [QUIC-HTTP]. Section 5.2 below applies an additional
constraint on the use of server push. A multicast sender constraint on the use of server push. A multicast sender
participating in a session pushes resources as a series of QUIC participating in a session pushes resources as a series of QUIC
"STREAM" frames carrying HTTP/3 "PUSH_PROMISE", "HEADERS" and "DATA" "STREAM" frames carrying HTTP/3 "PUSH_PROMISE", "HEADERS" and "DATA"
frames. Examples of this are provided in Appendix B.2. Senders MUST frames. Examples of this are provided in Appendix B.2. Senders MUST
comply with the requirements of the session parameters, as described comply with the requirements of the session parameters, as described
earlier in Section 3. earlier in Section 3.
The profile of HTTP/3 specified in this section places additional The profile of HTTP/3 specified in this section places additional
constrains on the use of metadata compression (Section 5.3) and constraints on the use of metadata compression (Section 5.3).
prioritisation (Section 5.4).
5.1. HTTP Connection Settings 5.1. HTTP Connection Settings
The HTTP/3 "SETTINGS" frame is prohibited by this profile. The HTTP/3 "SETTINGS" frame is prohibited by this profile.
Participants MUST NOT make any attempt to send this frame type. Participants MUST NOT make any attempt to send this frame type.
Reception of this frame MUST be handled as described in Section 5.7. Reception of this frame MUST be handled as described in Section 5.6.
5.2. Server Push 5.2. Server Push
Server push is, by default, disabled for HTTP/3 connections. A Server push is, by default, disabled for HTTP/3 connections. A
conventional HTTP/3 client enables and manages server push by conventional HTTP/3 client enables and manages server push by
controlling the maximum Push ID ([QUIC-HTTP], Section 5.2.6), controlling the maximum Push ID ([QUIC-HTTP], Section 7.2.7),
achieved by sending the HTTP/3 "MAX_PUSH_ID" frame. achieved by sending the HTTP/3 "MAX_PUSH_ID" frame.
This profile mandates the use of server push, and specifies no means This profile mandates the use of server push, and specifies no means
to disable it. The maximum Push ID for multicast QUIC sessions to disable it. The maximum Push ID for multicast QUIC sessions
(initial and always) is 2^62. Values of Push ID SHALL be allocated (initial and always) is 2^62. Values of Push ID SHALL be allocated
in accordance with [QUIC-HTTP]. in accordance with [QUIC-HTTP].
Server push concurrency in multicast QUIC is described in Server push concurrency in multicast QUIC is described in
Section 3.6. There is no role for the HTTP/3 "MAX_PUSH_ID" frame and Section 3.5. There is no role for the HTTP/3 "MAX_PUSH_ID" frame and
it is prohibited. Participants MUST NOT send this frame type. it is prohibited. Participants MUST NOT send this frame type.
Reception of this frame type MUST be handled as described in Reception of this frame type MUST be handled as described in
Section 5.7. Section 5.6.
For this profile, the Stream Type for any new server-initiated For this profile, the Stream Type for any new server-initiated
unidirectional stream MUST be Server Push ("0x01"). unidirectional stream MUST be Server Push ("0x01").
The HTTP/3 "CANCEL_PUSH" frame MAY be used by sending participants to The HTTP/3 "CANCEL_PUSH" frame MAY be used by sending participants to
abort sending a response for the identified server push. Usage of abort sending a response for the identified server push. Usage of
this frame SHALL follow the guidance for servers in [QUIC-HTTP]. this frame SHALL follow the guidance for servers in [QUIC-HTTP].
Receiving participants MUST NOT make any attempt to send HTTP/3 Receiving participants MUST NOT make any attempt to send HTTP/3
"CANCEL_PUSH" frames to the multicast group. "CANCEL_PUSH" frames to the multicast group.
skipping to change at page 24, line 9 skipping to change at page 24, line 9
encoding. encoding.
A multicast QUIC session, as described in the present document, does A multicast QUIC session, as described in the present document, does
not provide the assurances (receiver participation, transport not provide the assurances (receiver participation, transport
reliability) required to sufficiently maintain the dynamic decoding reliability) required to sufficiently maintain the dynamic decoding
context. Therefore, this document requires that endpoints SHALL NOT context. Therefore, this document requires that endpoints SHALL NOT
use dynamic indexing. It is RECOMMENDED that endpoints use static use dynamic indexing. It is RECOMMENDED that endpoints use static
indexing and/or Huffman encoding in order to benefit from the indexing and/or Huffman encoding in order to benefit from the
remaining compression methods available. remaining compression methods available.
5.4. Prioritisation 5.4. Session Tear-down
The HTTP/3 "PRIORITY" frame is prohibited by this profile.
Participants MUST NOT make any attempt to send this frame type.
Reception of this frame MUST be handled as described in Section 5.7.
5.5. Session Tear-down
A multicast QUIC session MAY be explicitly torn down by means of the A multicast QUIC session MAY be explicitly torn down by means of the
"Connection: close" HTTP header described in section 6.6 of "Connection: close" HTTP header described in section 6.6 of
[RFC7230]. A sender intending to leave the session SHOULD include [RFC7230]. A sender intending to leave the session SHOULD include
the "Connection: close" header in its response metadata. A sender the "Connection: close" header in its response metadata. A sender
SHOULD transmit all outstanding frames related to remaining request/ SHOULD transmit all outstanding frames related to remaining request/
response exchanges before ending transmission to the multicast group. response exchanges before ending transmission to the multicast group.
A receiver SHOULD continue to receive and process frames until all A receiver SHOULD continue to receive and process frames until all
outstanding request/response exchanges are complete. outstanding request/response exchanges are complete.
The HTTP/3 "GOAWAY" frame is prohibited. Participants MUST NOT send The HTTP/3 "GOAWAY" frame is prohibited. Participants MUST NOT send
this and reception MUST be handled as described in Section 5.7. this and reception MUST be handled as described in Section 5.6.
5.6. HTTP/3 Extension frames 5.5. HTTP/3 Extension frames
HTTP/3 extension frames (e.g. "ALTSVC") are prohibited by this HTTP/3 extension frames (e.g. "ALTSVC") are prohibited by this
profile. Participants MUST NOT make any attempt to send extension profile. Participants MUST NOT make any attempt to send extension
frame types. Reception of these MUST be handled as described in frame types. Reception of these MUST be handled as described in
Section 5.7. Section 5.6.
5.7. Prohibited HTTP/3 Frames 5.6. Prohibited HTTP/3 Frames
The following HTTP/3 frames MUST NOT be transmitted by participants: The following HTTP/3 frames MUST NOT be transmitted by participants:
"DUPLICATE_PUSH", "GOAWAY", "MAX_PUSH_ID", "PRIORITY", "SETTINGS". "DUPLICATE_PUSH", "GOAWAY", "MAX_PUSH_ID", "SETTINGS".
In addition, all HTTP/3 extension frame types MUST NOT be transmitted In addition, all HTTP/3 extension frame types MUST NOT be transmitted
by participants. by participants.
The following HTTP/3 frames MUST NOT be transmitted by receivers: The following HTTP/3 frames MUST NOT be transmitted by receivers:
"CANCEL_PUSH". "CANCEL_PUSH".
Reception of a prohibited HTTP/3 frame is a protocol error. Reception of a prohibited HTTP/3 frame is a protocol error.
Receivers MUST ignore prohibited HTTP/3 frames. Receivers MUST ignore prohibited HTTP/3 frames.
6. Application-Layer Security 6. Application-Layer Security
As already described in Section 3.2, the implicit cipher suite used As already described in Section 3.1, the implicit cipher suite used
by a multicast QUIC session makes very limited provision for security by a multicast QUIC session makes very limited provision for security
in the transport and session layers. This section profiles the use in the transport and session layers. This section profiles the use
of some additional features to provide equivalent functionality at of some additional features to provide equivalent functionality at
the application-layer. the application-layer.
6.1. Content Integrity 6.1. Content Integrity
In many applications, it is important to ensure that an HTTP In many applications, it is important to ensure that an HTTP
representation has been received intact (i.e. has not suffered from representation has been received intact (i.e. has not suffered from
transmission loss or random bit errors) before passing the received transmission loss or random bit errors) before passing the received
skipping to change at page 28, line 42 skipping to change at page 28, line 32
status code 206. status code 206.
* The range being transmitted SHALL be indicated in a "content- * The range being transmitted SHALL be indicated in a "content-
range" header field and the size of the complete resource range" header field and the size of the complete resource
indicated in a "content-length" header field. indicated in a "content-length" header field.
9. Protocol Identifier 9. Protocol Identifier
The HTTP over multicast QUIC protocol specified in this document is The HTTP over multicast QUIC protocol specified in this document is
identified by the application-layer protocol negotiation (ALPN) identified by the application-layer protocol negotiation (ALPN)
[RFC7301] identifier "hqm". The IANA registration of this protocol [RFC7301] identifier "h3m". The IANA registration of this protocol
identifier can be found in Section 12.1. This reserves the ALPN identifier can be found in Section 12.1. This reserves the ALPN
identifier space but describes a protocol that does not use TLS. The identifier space but describes a protocol that does not use TLS. The
usage of the "hqm" identifier for discoverability is described in usage of the "h3m" identifier for discoverability is described in
Section 10. Section 10.
9.1. Draft Version Identification 9.1. Draft Version Identification
*RFC Editor's Note:* Please remove this section prior to *RFC Editor's Note:* Please remove this section prior to
publication of a final version of this document. publication of a final version of this document.
Only implementations of the final, published RFC can identify Only implementations of the final, published RFC can identify
themselves as "hqm". Until such an RFC exists, implementations MUST themselves as "h3m". Until such an RFC exists, implementations MUST
NOT identify themselves using this string. NOT identify themselves using this string.
Implementations of draft versions of the protocol MUST add the string Implementations of draft versions of the protocol MUST add the string
"-" and the corresponding draft number to the identifier. For "-" and the corresponding draft number to the identifier. For
example, draft-pardue-quic-http-mcast-00 is identified using the example, draft-pardue-quic-http-mcast-06 is identified using the
string "hqm-00". string "h3m-06".
Non-compatible experiments that are based on these draft versions Non-compatible experiments that are based on these draft versions
MUST append the string "-" and an experiment name to the identifier. MUST append the string "-" and an experiment name to the identifier.
For example, an experimental implementation based on draft-pardue- For example, an experimental implementation based on draft-pardue-
quic-http-mcast-09 which removes the requirement to ensure version quic-http-mcast-06 which uses extension features not registered with
matches might identify itself as "hqm-09-version-ignorant". Note the appropriate IANA registry might identify itself as "h3m-06-
that any label MUST conform to the "token" syntax defined in extension-foo". Note that any label MUST conform to the "token"
Section 3.2.6 of [RFC7230]. Experimenters are encouraged to syntax defined in Section 3.2.6 of [RFC7230]. Experimenters are
coordinate their experiments. encouraged to coordinate their experiments.
10. Discovery of Multicast QUIC Sessions 10. Discovery of Multicast QUIC Sessions
The announcement and discovery of services operating over multicast The announcement and discovery of services operating over multicast
IP has previously been specified by the Session Description Protocol IP has previously been specified by the Session Description Protocol
(SDP) [RFC4566], Session Announcement Protocol [RFC2974] and Session (SDP) [RFC4566], Session Announcement Protocol [RFC2974] and Session
Initiation Protocol [RFC3261]. These are typically deployed together Initiation Protocol [RFC3261]. These are typically deployed together
and in conjunction with a multicast-friendly transport such as the and in conjunction with a multicast-friendly transport such as the
Real-time Transport Protocol (RTP) [RFC3550]. Real-time Transport Protocol (RTP) [RFC3550].
skipping to change at page 29, line 52 skipping to change at page 29, line 43
then transparently switch to it. then transparently switch to it.
Symmetrically, the "Alt-Svc" header can also be used to advertise the Symmetrically, the "Alt-Svc" header can also be used to advertise the
unicast service from a multicast service. A resource transmitted as unicast service from a multicast service. A resource transmitted as
part of a multicast QUIC session MAY be decorated with an Alt-Svc part of a multicast QUIC session MAY be decorated with an Alt-Svc
value that hints to the client about the availability of the resource value that hints to the client about the availability of the resource
via an alternative unicast HTTP server. A receiver MAY then use this via an alternative unicast HTTP server. A receiver MAY then use this
HTTP server for unicast resource patching (Section 7.2). HTTP server for unicast resource patching (Section 7.2).
Where HTTP over multicast QUIC sessions are advertised using Alt-Svc, Where HTTP over multicast QUIC sessions are advertised using Alt-Svc,
the protocol identifier SHALL be "hqm", as specified in Section 9. the protocol identifier SHALL be "h3m", as specified in Section 9.
10.1. Source-specific Multicast Advertisement 10.1. Source-specific Multicast Advertisement
Source-specific multicast (SSM) [RFC4607] MAY be used for the Source-specific multicast (SSM) [RFC4607] MAY be used for the
delivery of multicast services. delivery of multicast services.
*Authors' Note:* We invite review comments on mandating the use of *Authors' Note:* We invite review comments on mandating the use of
source-specific multicast only. source-specific multicast only.
This document specifies the "source-address" parameter for Alt-Svc, This document specifies the "source-address" parameter for Alt-Svc,
skipping to change at page 30, line 33 skipping to change at page 30, line 25
When a multicast QUIC session is provided using SSM, the "source- When a multicast QUIC session is provided using SSM, the "source-
address" parameter MUST be advertised. address" parameter MUST be advertised.
10.2. Session Parameter Advertisement 10.2. Session Parameter Advertisement
The concept of session parameters is introduced in Section 2.2. This The concept of session parameters is introduced in Section 2.2. This
section details how the session parameters are expressed as Alt-Svc section details how the session parameters are expressed as Alt-Svc
parameters. parameters.
10.2.1. Version 10.2.1. Cipher Suite
The version of QUIC supported in a multicast QUIC session is
advertised with the "quic" parameter. The requirements for endpoint
usage of "quic" are specified in Section 3.1.
10.2.2. Cipher Suite
This document specifies the "cipher-suite" parameter for Alt-Svc, This document specifies the "cipher-suite" parameter for Alt-Svc,
which carries the cipher suite in use by a multicast QUIC session. which carries the cipher suite in use by a multicast QUIC session.
"cipher-suite" MUST contain one of the values contained in the TLS "cipher-suite" MUST contain one of the values contained in the TLS
Cipher Suite Registry (http://www.iana.org/assignments/tls- Cipher Suite Registry (http://www.iana.org/assignments/tls-
parameters/tls-parameters.xhtml#tls-parameters-4): parameters/tls-parameters.xhtml#tls-parameters-4):
Syntax: Syntax:
cipher-suite = 4*4 HEXDIG cipher-suite = 4*4 HEXDIG
For example, the following specifies cipher suite 0x13,0x01 For example, the following specifies cipher suite 0x13,0x01
("TLS_AES_128_GCM_SHA256"): ("TLS_AES_128_GCM_SHA256"):
cipher-suite=1301 cipher-suite=1301
The requirements for endpoint usage of "cipher-suite" are described The requirements for endpoint usage of "cipher-suite" are described
in Section 3.2. in Section 3.1.
10.2.3. Session Key 10.2.2. Session Key
This document specifies the "key" parameter for Alt-Svc, which This document specifies the "key" parameter for Alt-Svc, which
carries the cryptographic key in use by the multicast QUIC session. carries the cryptographic key in use by the multicast QUIC session.
Syntax: Syntax:
key = *HEXDIG key = *HEXDIG
For example: For example:
key=4adf1eab9c2a37fd key=4adf1eab9c2a37fd
The requirements for endpoint usage of "key" are described in The requirements for endpoint usage of "key" are described in
Section 3.2. Section 3.1.
10.2.4. Session Cipher Initialization Vector 10.2.3. Session Cipher Initialization Vector
This document specifies the "iv" parameter for Alt-Svc, which carries This document specifies the "iv" parameter for Alt-Svc, which carries
the cipher Initialization Vector (IV) in use by the multicast QUIC the cipher Initialization Vector (IV) in use by the multicast QUIC
session. session.
Syntax: Syntax:
iv = *HEXDIG iv = *HEXDIG
For example: For example:
iv=4dbe593acb4d1577ad6ba7dc3189834e iv=4dbe593acb4d1577ad6ba7dc3189834e
The requirements for endpoint usage of "iv" are described in The requirements for endpoint usage of "iv" are described in
Section 3.2. Section 3.1.
10.2.5. Session Identification 10.2.4. Session Identification
This document defines the "session-id" parameter for Alt-Svc, which This document defines the "session-id" parameter for Alt-Svc, which
carries the multicast QUIC session identifier. carries the multicast QUIC session identifier.
Syntax: Syntax:
session-id = *HEXDIG session-id = *HEXDIG
For example, the following specifies session 101 (0x65 hexadecimal): For example, the following specifies session 101 (0x65 hexadecimal):
session-id=65 session-id=65
The requirements for endpoint usage of "session-id" are described in The requirements for endpoint usage of "session-id" are described in
Section 2.3. In the above example, the Destination Connection ID Section 2.3. In the above example, the Destination Connection ID
field in every QUIC packet header would be one byte in size. For a field in every QUIC packet header would be one byte in size. For a
session-id of BADBEEF then then Destintation Connection ID field in session-id of BADBEEF then then Destintation Connection ID field in
every QUIC packet header would be four bytes in size. every QUIC packet header would be four bytes in size.
10.2.6. Session Idle Timeout Period 10.2.5. Session Idle Timeout Period
This document specifies the "session-idle-timeout" parameter for Alt- This document specifies the "session-idle-timeout" parameter for Alt-
Svc, which carries the idle timeout period of a multicast QUIC Svc, which carries the idle timeout period of a multicast QUIC
session. session.
Syntax: Syntax:
session-idle-timeout = *DIGIT ; number of seconds between 0 and 600 session-idle-timeout = *DIGIT ; number of seconds between 0 and 600
For example, the following specifies a one-minute session idle For example, the following specifies a one-minute session idle
timeout period: timeout period:
session-idle-timeout=60 session-idle-timeout=60
The requirements for endpoint usage of "session-idle-timeout" are The requirements for endpoint usage of "session-idle-timeout" are
described in Section 3.4. described in Section 3.3.
10.2.7. Resource Concurrency 10.2.6. Resource Concurrency
This document specifies the "max-concurrent-resources" parameter for This document specifies the "max-concurrent-resources" parameter for
Alt-Svc, which expresses the maximum number of concurrent active Alt-Svc, which expresses the maximum number of concurrent active
resources from the sender in a multicast QUIC session. resources from the sender in a multicast QUIC session.
Syntax: Syntax:
max-concurrent-resources = *DIGIT ; unsigned 32-bit integer max-concurrent-resources = *DIGIT ; unsigned 32-bit integer
For example, the following specifies that no more than 12 (decimal) For example, the following specifies that no more than 12 (decimal)
resources will be concurrently active in the session: resources will be concurrently active in the session:
max-concurrent-resources=12 max-concurrent-resources=12
The requirements for endpoint usage of "max-concurrent-resources" are The requirements for endpoint usage of "max-concurrent-resources" are
described in Section 3.6. described in Section 3.5.
10.2.8. Session Peak Flow Rate 10.2.7. Session Peak Flow Rate
This document specifies the "peak-flow-rate" parameter for Alt-Svc, This document specifies the "peak-flow-rate" parameter for Alt-Svc,
which expresses the expected maximum aggregate transfer rate of data which expresses the expected maximum aggregate transfer rate of data
from all sources of the multicast QUIC session. from all sources of the multicast QUIC session.
Syntax: Syntax:
peak-flow-rate = *DIGIT ; bits per second peak-flow-rate = *DIGIT ; bits per second
For example, the following specifies a peak flow rate of 550 kbits/s For example, the following specifies a peak flow rate of 550 kbits/s
in the session: in the session:
peak-flow-rate=550000 peak-flow-rate=550000
The requirements for endpoint usage of "peak-flow-rate" are described The requirements for endpoint usage of "peak-flow-rate" are described
in Section 3.5. in Section 3.4.
10.2.9. Digest Algorithm 10.2.8. Digest Algorithm
This document specifies the "digest-algorithm" parameter for Alt-Svc, This document specifies the "digest-algorithm" parameter for Alt-Svc,
which carries the digest algorithm in use by a multicast QUIC which carries the digest algorithm in use by a multicast QUIC
session. "digest-algorithm" MUST contain one of the values defined in session. "digest-algorithm" MUST contain one of the values defined in
the HTTP Digest Algorithm Values registry the HTTP Digest Algorithm Values registry
(https://www.iana.org/assignments/http-dig-alg/http-dig- (https://www.iana.org/assignments/http-dig-alg/http-dig-
alg.xhtml#http-dig-alg-1). alg.xhtml#http-dig-alg-1).
Syntax: Syntax:
digest-algorithm = token digest-algorithm = token
For example, the following specifies a digest algorithm of SHA-256: For example, the following specifies a digest algorithm of SHA-256:
digest-algorithm=SHA-256 digest-algorithm=SHA-256
The requirements for endpoint usage of "digest-algorithm" are The requirements for endpoint usage of "digest-algorithm" are
described in Section 3.8. described in Section 3.7.
10.2.10. Signature Algorithm 10.2.9. Signature Algorithm
This document specifies the "signature-algorithm" parameter for Alt- This document specifies the "signature-algorithm" parameter for Alt-
Svc, which carries the signature algorithm in use by a multicast QUIC Svc, which carries the signature algorithm in use by a multicast QUIC
session. "signature-algorithm" MUST contain one of the values defined session. "signature-algorithm" MUST contain one of the values defined
in the Signature Algorithms registry in the Signature Algorithms registry
(http://www.iana.org/assignments/signature-algorithms). (http://www.iana.org/assignments/signature-algorithms).
Syntax: Syntax:
signature-algorithm = token signature-algorithm = token
For example, the following specifies a signature algorithm of SHA- For example, the following specifies a signature algorithm of SHA-
256: 256:
signature-algorithm=rsa-sha256 signature-algorithm=rsa-sha256
The requirements for endpoint usage of "signature-algorithm" are The requirements for endpoint usage of "signature-algorithm" are
described in Section 3.9. described in Section 3.8.
10.2.10. Extensions
This document specifies the "extensions" parameter for Alt-Svc, which
carries a list of extension types potentially in use by a multicast
QUIC session. "extensions" MUST only contain values from the QUIC
Transport Parameter registry ([QUIC-TRANSPORT], section 22.2) that
have explicit support for multicast QUIC. Each entry in the list
consists of a key identifying the transport parameter, and an
optional value. Both the key and the value are hex-encoded.
Syntax:
extensions = DQUOTE ext-transport-param
*[ "," ext-transport-param ] DQUOTE
ext-transport-param = ext-key [ "=" ext-value ]
ext-key = 4*4HEXDIG; Transport Parameter key
ext-value = *HEXDIG; Optional Transport Parameter value
For example, the following specifies two extensions:
extensions="0094,0d0d=f00"
The requirements for endpoint usage of "extensions" are described in
Section 3.6
11. Security and Privacy Considerations 11. Security and Privacy Considerations
This document specifies a profile of QUIC and HTTP/3 that changes the This document specifies a profile of QUIC and HTTP/3 that changes the
security model. In order to address this, application-level security security model. In order to address this, application-level security
methods are described in Section 6. This document does not preclude methods are described in Section 6. This document does not preclude
the use of secure multicast approaches that may provide additional the use of secure multicast approaches that may provide additional
security assurances required for certain use cases. security assurances required for certain use cases.
The use of side-channel or out-of-band technologies (potentially The use of side-channel or out-of-band technologies (potentially
skipping to change at page 35, line 31 skipping to change at page 35, line 34
Sessions that use a symmetric key for packet protection are subject Sessions that use a symmetric key for packet protection are subject
to the possibility of a malicious actor modifying traffic at some to the possibility of a malicious actor modifying traffic at some
point in the network between a legitimate sender and one (or more) point in the network between a legitimate sender and one (or more)
receivers. Receiver-side validation, as specified in Section 6 of receivers. Receiver-side validation, as specified in Section 6 of
the present document, and also in [QUIC-TRANSPORT], allows for the the present document, and also in [QUIC-TRANSPORT], allows for the
detection of such modification. Two approaches help mitigate the detection of such modification. Two approaches help mitigate the
impact of modification; the first is application-level methods that impact of modification; the first is application-level methods that
protect data (Section 6.1) and metadata (Section 6.2); the second is protect data (Section 6.1) and metadata (Section 6.2); the second is
reduction of the QUIC packet attack surface by means of removal of reduction of the QUIC packet attack surface by means of removal of
many frame types (Section 4.12 and Section 5.7). many frame types (Section 4.12 and Section 5.6).
11.2. Protection of Discovery Mechanism 11.2. Protection of Discovery Mechanism
Multicast QUIC session advertisements SHOULD be conveyed over a Multicast QUIC session advertisements SHOULD be conveyed over a
secure transport that guarantees authenticity and integrity in order secure transport that guarantees authenticity and integrity in order
to mitigate attacks related to a malicious service advertisement, for to mitigate attacks related to a malicious service advertisement, for
example a "man in the middle" directing endpoints to a service that example a "man in the middle" directing endpoints to a service that
may lead to other attacks or exploitations. may lead to other attacks or exploitations.
*Authors' Note:* We invite review comments on mandating the use of *Authors' Note:* We invite review comments on mandating the use of
skipping to change at page 37, line 29 skipping to change at page 37, line 29
11.6.1. Unprotected Frames and Packets 11.6.1. Unprotected Frames and Packets
The handling of unprotected QUIC packets is discussed in section The handling of unprotected QUIC packets is discussed in section
9.1.4 of [QUIC-TLS]. The profile described in the present document 9.1.4 of [QUIC-TLS]. The profile described in the present document
provides the means for a multicast sender to protect QUIC packets provides the means for a multicast sender to protect QUIC packets
with a shared key, which is not a strong protection. The weak with a shared key, which is not a strong protection. The weak
protection of QUIC packets could present a denial-of-service risk. protection of QUIC packets could present a denial-of-service risk.
To mitigate the impact of handling such QUIC packets, certain frames To mitigate the impact of handling such QUIC packets, certain frames
and packets are prohibited as described in (Section 4.12 and and packets are prohibited as described in (Section 4.12 and
Section 5.7). Section 5.6).
The frame types that are allowed by this profile do not present a The frame types that are allowed by this profile do not present a
risk of denial of service. Concerns over authenticity and integrity risk of denial of service. Concerns over authenticity and integrity
are addressed by the application-layer protection mechanisms are addressed by the application-layer protection mechanisms
described in Section 6. described in Section 6.
11.6.2. Network Performance Degradation 11.6.2. Network Performance Degradation
The possibility for malfunctioning or malicious participants to The possibility for malfunctioning or malicious participants to
degrade the network is a broad issue and considered out of scope for degrade the network is a broad issue and considered out of scope for
skipping to change at page 38, line 49 skipping to change at page 38, line 49
12. IANA Considerations 12. IANA Considerations
12.1. Registration of Protocol Identification String 12.1. Registration of Protocol Identification String
This document creates a new registration for the identification of This document creates a new registration for the identification of
the HTTP over multicast QUIC protocol in the "Application-Layer the HTTP over multicast QUIC protocol in the "Application-Layer
Protocol Negotiation (ALPN) Protocol IDs" registry established by Protocol Negotiation (ALPN) Protocol IDs" registry established by
[RFC7301]. [RFC7301].
The "hqm" string identifies HTTP semantics expressed as HTTP mapped The "h3m" string identifies HTTP semantics expressed as HTTP mapped
to a QUIC layer and carried over IP multicast: to a QUIC layer and carried over IP multicast:
Protocol: Bulk data transport using HTTP over multicast QUIC Protocol: Bulk data transport using HTTP over multicast QUIC
Identification Sequence: 0x68 0x71 0x6D ("hqm") Identification Sequence: 0x68 0x71 0x6D ("h3m")
Specification: This document, Section 9 Specification: This document, Section 9
This entry reserves an identifier that is not allowed to appear in This entry reserves an identifier that is not allowed to appear in
TLS Application-Layer Protocol Negotiation. TLS Application-Layer Protocol Negotiation.
12.2. Registration of Alt-Svc parameters 12.2. Registration of Alt-Svc parameters
This document creates seven registrations for the identification of This document creates seven registrations for the identification of
parameters for the "Hypertext Transfer Protocol (HTTP) Alt-Svc parameters for the "Hypertext Transfer Protocol (HTTP) Alt-Svc
skipping to change at page 39, line 29 skipping to change at page 39, line 29
12.2.1. Source Address 12.2.1. Source Address
Parameter name: source-address Parameter name: source-address
Specification: This document, Section 10.1 Specification: This document, Section 10.1
12.2.2. Cipher Suite 12.2.2. Cipher Suite
Parameter name: cipher-suite Parameter name: cipher-suite
Specification: This document, Section 10.2.2 Specification: This document, Section 10.2.1
12.2.3. Key 12.2.3. Key
Parameter name: key Parameter name: key
Specification: This document, Section 10.2.3 Specification: This document, Section 10.2.2
12.2.4. Initialization Vector 12.2.4. Initialization Vector
Parameter name: iv Parameter name: iv
Specification: This document, Section 10.2.4 Specification: This document, Section 10.2.3
12.2.5. Session Identifier 12.2.5. Session Identifier
Parameter name: session-id Parameter name: session-id
Specification: This document, Section 10.2.5 Specification: This document, Section 10.2.4
12.2.6. Session Idle Timeout 12.2.6. Session Idle Timeout
Parameter name: session-idle-timeout Parameter name: session-idle-timeout
Specification: This document, Section 10.2.6 Specification: This document, Section 10.2.5
12.2.7. Maximum Concurrent Resources 12.2.7. Maximum Concurrent Resources
Parameter name: max-concurrent-resources Parameter name: max-concurrent-resources
Specification: This document, Section 10.2.7 Specification: This document, Section 10.2.6
12.2.8. Peak Flow Rate 12.2.8. Peak Flow Rate
Parameter name: peak-flow-rate Parameter name: peak-flow-rate
Specification: This document, Section 10.2.8 Specification: This document, Section 10.2.7
12.2.9. Digest Algorithm 12.2.9. Digest Algorithm
Parameter name: digest-algorithm Parameter name: digest-algorithm
Specification: This document, Section 10.2.9 Specification: This document, Section 10.2.8
12.2.10. Signature Algorithm 12.2.10. Signature Algorithm
Parameter name: signature-algorithm Parameter name: signature-algorithm
Specification: This document, Section 10.2.9
12.2.11. Extension
Parameter name: extension
Specification: This document, Section 10.2.10 Specification: This document, Section 10.2.10
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.cavage-http-signatures] [I-D.cavage-http-signatures]
Cavage, M. and M. Sporny, "Signing HTTP Messages", draft- Cavage, M. and M. Sporny, "Signing HTTP Messages", draft-
cavage-http-signatures-11 (work in progress), April 2019. cavage-http-signatures-12 (work in progress), October
2019.
[QUIC-HTTP] [QUIC-HTTP]
Bishop, M., Ed., "Hypertext Transfer Protocol Version 3 Bishop, M., Ed., "Hypertext Transfer Protocol Version 3
(HTTP/3)", draft-ietf-quic-http-22 (work in progress). (HTTP/3)", draft-ietf-quic-http-25 (work in progress).
[QUIC-QPACK] [QUIC-QPACK]
Krasic, C., Ed., Bishop, M., Ed., and A. Frindell, Ed., Krasic, C., Ed., Bishop, M., Ed., and A. Frindell, Ed.,
"QPACK: Header Compression for HTTP over QUIC", draft- "QPACK: Header Compression for HTTP over QUIC", draft-
ietf-quic-qpack-09 (work in progress). ietf-quic-qpack-12 (work in progress).
[QUIC-TRANSPORT] [QUIC-TRANSPORT]
Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", draft-ietf-quic- Multiplexed and Secure Transport", draft-ietf-quic-
transport-22 (work in progress). transport-25 (work in progress).
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP", of Explicit Congestion Notification (ECN) to IP",
RFC 3168, DOI 10.17487/RFC3168, September 2001, RFC 3168, DOI 10.17487/RFC3168, September 2001,
<https://www.rfc-editor.org/info/rfc3168>. <https://www.rfc-editor.org/info/rfc3168>.
skipping to change at page 42, line 21 skipping to change at page 42, line 26
April 2016, <https://www.rfc-editor.org/info/rfc7838>. April 2016, <https://www.rfc-editor.org/info/rfc7838>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
13.2. Informative References 13.2. Informative References
[QUIC-RECOVERY] [QUIC-RECOVERY]
Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection
and Congestion Control", draft-ietf-quic-recovery-22 (work and Congestion Control", draft-ietf-quic-recovery-25 (work
in progress). in progress).
[QUIC-TLS] [QUIC-TLS]
Thomson, M., Ed. and S. Turner, Ed, Ed., "Using Transport Thomson, M., Ed. and S. Turner, Ed, Ed., "Using Transport
Layer Security (TLS) to Secure QUIC", draft-ietf-quic- Layer Security (TLS) to Secure QUIC", draft-ietf-quic-
tls-22 (work in progress). tls-22 (work in progress).
[RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5,
RFC 1112, DOI 10.17487/RFC1112, August 1989, RFC 1112, DOI 10.17487/RFC1112, August 1989,
<https://www.rfc-editor.org/info/rfc1112>. <https://www.rfc-editor.org/info/rfc1112>.
skipping to change at page 44, line 48 skipping to change at page 45, line 6
Advertisement of a multicast QUIC session operating on the source- Advertisement of a multicast QUIC session operating on the source-
specific multicast group address 232.0.0.1 on port 2000 with the specific multicast group address 232.0.0.1 on port 2000 with the
source address 192.0.2.1. The session ID is 16 (0x10) and the idle source address 192.0.2.1. The session ID is 16 (0x10) and the idle
timeout is one minute. At most 10 resources may be concurrently timeout is one minute. At most 10 resources may be concurrently
active in the session and the flow rate should not exceed 10 kbits/s. active in the session and the flow rate should not exceed 10 kbits/s.
The multicast transport is unencrypted. The multicast transport is unencrypted.
HTTP Alternative Service header field: HTTP Alternative Service header field:
Alt-Svc: Alt-Svc:
hqm="232.0.0.1:2000"; source-address="192.0.2.1"; quic=1; h3m="232.0.0.1:2000"; source-address="192.0.2.1";
session-id=10; session-idle-timeout=60; session-id=10; session-idle-timeout=60;
max-concurrent-resources=10; peak-flow-rate=10000 max-concurrent-resources=10; peak-flow-rate=10000
B.1.2. Source-specific Multicast QUIC Session with Transport Encryption B.1.2. Source-specific Multicast QUIC Session with Transport Encryption
using a Symmetric Key using a Symmetric Key
Advertisement of a multicast QUIC session operating on the IPv6 Advertisement of a multicast QUIC session operating on the IPv6
globally-scoped source-specific multicast group address ff3e::1234 on globally-scoped source-specific multicast group address ff3e::1234 on
port 2000 with the source address 2001:db8::1. The session ID is 16 port 2000 with the source address 2001:db8::1. The session ID is 16
(0x10) and the idle timeout is one minute. At most 10 resources may (0x10) and the idle timeout is one minute. At most 10 resources may
be concurrently active in the session and the flow rate should not be concurrently active in the session and the flow rate should not
exceed 10 kbits/s. The multicast transport is encrypted using the exceed 10 kbits/s. The multicast transport is encrypted using the
AEAD cipher suite 0x13,0x01 ("TLS_AES_128_GCM_SHA256") with the AEAD cipher suite 0x13,0x01 ("TLS_AES_128_GCM_SHA256") with the
shared session key and IV provided. shared session key and IV provided.
HTTP Alternative Service header field: HTTP Alternative Service header field:
Alt-Svc: Alt-Svc:
hqm="[ff3e::1234]:2000"; source-address="2001:db8::1"; quic=1; h3m="[ff3e::1234]:2000"; source-address="2001:db8::1";
session-id=10; session-idle-timeout=60; session-id=10; session-idle-timeout=60;
max-concurrent-resources=10; peak-flow-rate=10000; max-concurrent-resources=10; peak-flow-rate=10000;
cipher-suite=1301; key=4adf1eab9c2a37fd; cipher-suite=1301; key=4adf1eab9c2a37fd;
iv=4dbe593acb4d1577ad6ba7dc3189834e iv=4dbe593acb4d1577ad6ba7dc3189834e
B.1.3. Source-specific Multicast QUIC Session with Transport B.1.3. Source-specific Multicast QUIC Session with Transport
Encryption, Content Integrity and Authenticity Encryption, Content Integrity and Authenticity
Advertisement of a multicast QUIC session operating on the IPv6 Advertisement of a multicast QUIC session operating on the IPv6
globally-scoped source-specific multicast group address ff3e::1234 on globally-scoped source-specific multicast group address ff3e::1234 on
skipping to change at page 45, line 43 skipping to change at page 46, line 6
be concurrently active in the session and the flow rate should not be concurrently active in the session and the flow rate should not
exceed 10 kbits/s. The multicast transport is encrypted using the exceed 10 kbits/s. The multicast transport is encrypted using the
AEAD cipher suite 0x13,0x01 ("TLS_AES_128_GCM_SHA256") with the AEAD cipher suite 0x13,0x01 ("TLS_AES_128_GCM_SHA256") with the
shared session key and IV provided. Content integrity is in use with shared session key and IV provided. Content integrity is in use with
the digest algorithm set restricted to SHA-256. Content authenticity the digest algorithm set restricted to SHA-256. Content authenticity
is in use with the signature algorithm set restricted to rsa-sha256. is in use with the signature algorithm set restricted to rsa-sha256.
HTTP Alternative Service header field: HTTP Alternative Service header field:
Alt-Svc: Alt-Svc:
hqm="[ff3e::1234]:2000"; source-address="2001:db8::1"; quic=1; h3m="[ff3e::1234]:2000"; source-address="2001:db8::1";
session-id=10; session-idle-timeout=60; session-id=10; session-idle-timeout=60;
max-concurrent-resources=10; peak-flow-rate=10000; max-concurrent-resources=10; peak-flow-rate=10000;
cipher-suite=1301; key=4adf1eab9c2a37fd; cipher-suite=1301; key=4adf1eab9c2a37fd;
iv=4dbe593acb4d1577ad6ba7dc3189834e; iv=4dbe593acb4d1577ad6ba7dc3189834e;
digest-algorithm=SHA-256; signature-algorithm=rsa-sha256 digest-algorithm=SHA-256; signature-algorithm=rsa-sha256
B.2. Resource Transfer B.2. Resource Transfer
This section shows several different examples of the HTTP message This section shows several different examples of the HTTP message
patterns for a single resource. patterns for a single resource.
skipping to change at page 46, line 22 skipping to change at page 46, line 30
B.2.1. Transfer without Content Integrity or Authenticity B.2.1. Transfer without Content Integrity or Authenticity
HTTP/3 "PUSH_PROMISE" frame: HTTP/3 "PUSH_PROMISE" frame:
:method: GET :method: GET
:scheme: https :scheme: https
:path: /files/example.txt :path: /files/example.txt
:authority: example.org :authority: example.org
HTTP/3 "HEADERS" frame; HTTP/3 "HEADERS" frame:
:status: 200 :status: 200
content-length: 100 content-length: 100
content-type: text/plain content-type: text/plain
date: Fri, 20 Jan 2017 10:00:00 GMT date: Fri, 20 Jan 2017 10:00:00 GMT
HTTP/3 "DATA" frame containing 100 bytes of response body data: HTTP/3 "DATA" frame containing 100 bytes of response body data:
... ...
skipping to change at page 52, line 52 skipping to change at page 52, line 52
| | | session optionally | | | | session optionally |
| | | advertised out of | | | | advertised out of |
| | | band via Alt-Svc | | | | band via Alt-Svc |
| | | "max-concurrent- | | | | "max-concurrent- |
| | | resources" | | | | resources" |
| | | parameter. | | | | parameter. |
+----------------------------+----------------+---------------------+ +----------------------------+----------------+---------------------+
Table 2: Required Transport Parameters Table 2: Required Transport Parameters
+------------------------+------------------+-----------------------+ +-------------------------+------------------+----------------------+
| Protocol feature | Unicast QUIC | Multicast QUIC | | Protocol feature | Unicast QUIC | Multicast QUIC |
| | | profile | | | | profile |
+------------------------+------------------+-----------------------+ +-------------------------+------------------+----------------------+
| "original_connection_i | The value of the | Not used. No client | | "original_connection_id | The value of the | Not used. No client |
| d" | Destination | interaction. | | " | Destination | interaction. |
| | Connection ID | | | | Connection ID | |
| | field from the | | | | field from the | |
| | first Initial | | | | first Initial | |
| | packet sent by | | | | packet sent by | |
| | the client. | | | | the client. | |
| | | | | | | |
| "idle_timeout" | How long to keep | Not used. Advertised | | "max_idle_timeout" | How long to keep | Not used. Advertised |
| | an idle | out of band via Alt- | | | an idle | out of band via Alt- |
| | connection open | Svc "session-idle- | | | connection open | Svc "session-idle- |
| | for before | timeout" parameter; | | | for before | timeout" parameter; |
| | closing. Takes a | defaults to 0 (never | | | closing. Takes a | defaults to 0 (never |
| | default of 0 | close on idle) if not | | | default of 0 | close on idle) if |
| | (never close on | specified. | | | (never close on | not specified. |
| | idle) if not | | | | idle) if not | |
| | specified. | | | | specified. | |
| | | | | | | |
| "stateless_reset_token | Used in | Not used. Stateless | | "stateless_reset_token" | Used in | Not used. Stateless |
| " | verifying a | reset is not used by | | | verifying a | reset is not used by |
| | stateless reset. | this profile. | | | stateless reset. | this profile. |
| | | | | | | |
| "max_packet_size" | Limit of the | Not used. Maximum | | "max_packet_size" | Limit of the | Not used. Maximum |
| | size of packets | packet size for a | | | size of packets | packet size for a |
| | that an endpoint | session optionally | | | that an endpoint | session optionally |
| | is willing to | advertised out of | | | is willing to | advertised out of |
| | receive. | band via Alt-Svc | | | receive. | band via Alt-Svc |
| | | "max-packet-size" | | | | "max-packet-size" |
| | | parameter. | | | | parameter. |
| | | | | | | |
| "ack_delay_exponent" | The exponent | Not used. "ACK" | | "ack_delay_exponent" | The exponent | Not used. "ACK" |
| | used to decode | frames are prohibited | | | used to decode | frames are |
| | the ACK Delay | by this profile. | | | the ACK Delay | prohibited by this |
| | field in the | | | | field in the | profile. |
| | "ACK" frame. | | | | "ACK" frame. | |
| | | | | | | |
| "max_ack_delay" | Maximum time in | Not used. "ACK" | | "max_ack_delay" | Maximum time in | Not used. "ACK" |
| | milliseconds by | frames are prohibited | | | milliseconds by | frames are |
| | which an | by this profile. | | | which an | prohibited by this |
| | endpoint will | | | | endpoint will | profile. |
| | delay sending ac | | | | delay sending ac | |
| | knowledgements. | | | | knowledgements. | |
| | | | | | | |
| "disable_migration" | Signals if an | Not used. Session | | "disable_active_migrati | Signals if an | Not used. Session |
| | endpoint does | migration not | | on" | endpoint does | migration not |
| | not support | currently supported | | | not support | currently supported |
| | connection | by this profile. | | | connection | by this profile. |
| | migration. | | | | migration. | |
| | | | | | | |
| "preferred_address" | Used to effect a | Not used. No | | "preferred_address" | Used to effect a | Not used. No |
| | change in server | handshake in this | | | change in server | handshake in this |
| | address at the | profile. | | | address at the | profile. |
| | end of the | | | | end of the | |
| | handshake. | | | | handshake. | |
+------------------------+------------------+-----------------------+ +-------------------------+------------------+----------------------+
Table 3: Optional Transport Parameters Table 3: Optional Transport Parameters
+-------------+---------------------+-------------------------------+ +-------------+---------------------+-------------------------------+
| Protocol | Unicast QUIC | Multicast QUIC profile | | Protocol | Unicast QUIC | Multicast QUIC profile |
| feature | | | | feature | | |
+-------------+---------------------+-------------------------------+ +-------------+---------------------+-------------------------------+
| Maximum | Determined by path | Determined by path MTU | | Maximum | Determined by path | Determined by path MTU |
| packet size | MTU discovery or | discovery or other heuristic. | | packet size | MTU discovery or | discovery or other heuristic. |
| | other heuristic. | | | | other heuristic. | |
| | | | | | | |
| Long header | Used for packets | Prohibited. | | Long header | Used for packets | Prohibited. |
| packet | that are sent prior | | | packet | that are sent prior | |
| | to the completion | | | | to the completion | |
| | of version | | | | of version | |
| | negotiation and | | | | negotiation and | |
| | before packet | | | | before packet | |
| | protection keys are | | | | protection keys are | |
| | established. | | | | established. | |
| | | | | | | |
| Version | Protocol version | Not permitted. Protocol | | Version | Protocol version | Not permitted. |
| negotiation | negotiation between | version advertised out of | | negotiation | negotiation between | |
| packet | initiating client | band via Alt-Svc "quic" | | packet | initiating client | |
| | and server. | parameter. | | | and server. | |
| | | | | | | |
| Stateless | Used by a peer to | Not permitted. (Potential | | Stateless | Used by a peer to | Not permitted. (Potential |
| reset | terminate a | denial-of-service attack | | reset | terminate a | denial-of-service attack |
| packet | connection that has | vector.) | | packet | connection that has | vector.) |
| | become unusable. | | | | become unusable. | |
| | | | | | | |
| Short | Used for packets | Used to convey QUIC frames | | Short | Used for packets | Used to convey QUIC frames |
| header | that are sent once | (see below). | | header | that are sent once | (see below). |
| packet | a connection has | | | packet | a connection has | |
| | been established. | | | | been established. | |
skipping to change at page 58, line 20 skipping to change at page 58, line 20
| | migration. | | | | migration. | |
| | | | | | | |
| "PATH_RESPONSE" frame | Sent in response to | Prohibited. | | "PATH_RESPONSE" frame | Sent in response to | Prohibited. |
| | a "PATH_CHALLENGE" | | | | a "PATH_CHALLENGE" | |
| | frame. | | | | frame. | |
| | | | | | | |
| "CONNECTION_CLOSE" | Notification (by | Prohibited. Use | | "CONNECTION_CLOSE" | Notification (by | Prohibited. Use |
| frame | either peer) of | HTTP explicit | | frame | either peer) of | HTTP explicit |
| | graceful connection | session tear-down | | | graceful connection | session tear-down |
| | shutdown. | instead (see | | | shutdown. | instead (see |
| | | Section 5.5). | | | | Section 5.4). |
| | | |
| "HANDSHAKE_DONE" frame | Used by a server to | Prohibited. |
| | inform a client that | |
| | the cryptographic | |
| | handshake has | |
| | completed. | |
+------------------------+----------------------+---------------------+ +------------------------+----------------------+---------------------+
Table 5: QUIC Framing Layer Table 5: QUIC Framing Layer
+------------------+------------------+-----------------------------+ +------------------+------------------+-----------------------------+
| Protocol feature | Unicast HTTP/3 | Multicast HTTP/3 profile | | Protocol feature | Unicast HTTP/3 | Multicast HTTP/3 profile |
+------------------+------------------+-----------------------------+ +------------------+------------------+-----------------------------+
| Stream Type | Type of | Only Server Push type is | | Stream Type | Type of | Only Server Push type is |
| | unidirectional | permitted. | | | unidirectional | permitted. |
| | stream. | | | | stream. | |
skipping to change at page 59, line 4 skipping to change at page 59, line 10
| | message body. | | | | message body. | |
| | | | | | | |
| "HEADERS" frame | Carriage of HTTP | Carriage of HTTP response | | "HEADERS" frame | Carriage of HTTP | Carriage of HTTP response |
| | request/response | message metadata. Trailing | | | request/response | message metadata. Trailing |
| | message | "HEADERS" frame is | | | message | "HEADERS" frame is |
| | metadata. | permitted. | | | metadata. | permitted. |
| | Trailing | | | | Trailing | |
| | "HEADERS" frame | | | | "HEADERS" frame | |
| | is permitted. | | | | is permitted. | |
| | | | | | | |
| "PRIORITY" frame | Dynamic | Prohibited. |
| | adjustment of | |
| | stream priority. | |
| | | |
| "CANCEL_PUSH" | Used to request | Permitted only for senders. | | "CANCEL_PUSH" | Used to request | Permitted only for senders. |
| frame | cancellation of | | | frame | cancellation of | |
| | server push | | | | server push | |
| | prior to the | | | | prior to the | |
| | push stream | | | | push stream | |
| | being created. | | | | being created. | |
| | | | | | | |
| "SETTINGS" frame | Negotiation of | Prohibited. | | "SETTINGS" frame | Negotiation of | Prohibited. |
| | HTTP/3 | | | | HTTP/3 | |
| | connection | | | | connection | |
skipping to change at page 61, line 10 skipping to change at page 61, line 36
| | 0. | | | | 0. | |
+-------------+----------------------------------+------------------+ +-------------+----------------------------------+------------------+
Table 7: HTTP Metadata Compression Layer Table 7: HTTP Metadata Compression Layer
Appendix D. Changelog Appendix D. Changelog
*RFC Editor's Note:* Please remove this section prior to *RFC Editor's Note:* Please remove this section prior to
publication of a final version of this document. publication of a final version of this document.
D.1. Since draft-pardue-quic-http-mcast-04 D.1. Since draft-pardue-quic-http-mcast-05
o Update references to QUIC I-Ds.
o Sender packet number size is now fixed for the duration of a
session.
o Change how to handle multiple session IDs: sessions are now only
allowed a single ID.
o Remove incompatible requirements set by [QUIC-TRANSPORT]'s
"Required Operations".
o Additionally ban "HANDSHAKE_DONE".
o Remove Version Negotiation now that the "quic" Alt-Svc parameter
has been removed (examples also updated).
o Remove HTTP Prioritization references.
o Add new "extensions" Alt-Svc parameter.
o Broaden peak flow rate to QUIC payload to encompass all frame
types.
o Change ALPN identifier to h3m.
D.2. Since draft-pardue-quic-http-mcast-04
o Update references to QUIC I-Ds, remove QUIC-SPIN. (draft-ietf- o Update references to QUIC I-Ds, remove QUIC-SPIN. (draft-ietf-
quic-transport-20) quic-transport-20)
o Update session ID length to match new connection ID length. o Update session ID length to match new connection ID length.
(draft-ietf-quic-transport-22) (draft-ietf-quic-transport-22)
o Clarify the mapping for the new "active_connection_id_limit" o Clarify the mapping for the new "active_connection_id_limit"
session parameter. (draft-ietf-quic-transport-21) session parameter. (draft-ietf-quic-transport-21)
skipping to change at page 61, line 42 skipping to change at page 62, line 46
o Clarify difference between connection and session migration. o Clarify difference between connection and session migration.
o Move GOAWAY frame to HTTP/3 profile. o Move GOAWAY frame to HTTP/3 profile.
o Renamed Session Shutdown to Connection Shutdown to mirror concept o Renamed Session Shutdown to Connection Shutdown to mirror concept
in [QUIC-TRANSPORT]. in [QUIC-TRANSPORT].
o Clarify the layer of each frame type when referred to. o Clarify the layer of each frame type when referred to.
D.2. Since draft-pardue-quic-http-mcast-03 D.3. Since draft-pardue-quic-http-mcast-03
o Update references to QUIC I-Ds. o Update references to QUIC I-Ds.
o Change crypto handshake text now that it's no longer done on o Change crypto handshake text now that it's no longer done on
Stream ID 0. Stream ID 0.
o Update to reference Source and Destination Connection IDs. o Update to reference Source and Destination Connection IDs.
o Prohibit the use of connection coalescing, migration and ECN. o Prohibit the use of connection coalescing, migration and ECN.
skipping to change at page 62, line 26 skipping to change at page 63, line 30
o Clarify packet number space (only use application data space, not o Clarify packet number space (only use application data space, not
initial or handshake). initial or handshake).
o Add statement on QUIC latency spin bit. o Add statement on QUIC latency spin bit.
o Removed sentence stating that multiple Connection IDs cannot be o Removed sentence stating that multiple Connection IDs cannot be
used concurrently in a unicast QUIC session, in accordance with used concurrently in a unicast QUIC session, in accordance with
[QUIC-TRANSPORT] section 5.1.2. [QUIC-TRANSPORT] section 5.1.2.
D.3. Since draft-pardue-quic-http-mcast-02 D.4. Since draft-pardue-quic-http-mcast-02
o No changes. o No changes.
D.4. Since draft-pardue-quic-http-mcast-01 D.5. Since draft-pardue-quic-http-mcast-01
o Explicit guidance on maximum stream ID value permitted. o Explicit guidance on maximum stream ID value permitted.
o Updated guidance on PING (and PONG) frame. o Updated guidance on PING (and PONG) frame.
o Added a comparison table to appendix. o Added a comparison table to appendix.
o Remove invalid use of trailing headers. o Remove invalid use of trailing headers.
o Use the new HTTP/QUIC DATA frame. o Use the new HTTP/QUIC DATA frame.
skipping to change at page 63, line 5 skipping to change at page 64, line 10
o Redefine server push to reflect core document changes. o Redefine server push to reflect core document changes.
o Remove default idle time out value. o Remove default idle time out value.
o Clarify session parameter requirements (session-idle-timeout o Clarify session parameter requirements (session-idle-timeout
became mandatory). became mandatory).
o Update frame notation convention. o Update frame notation convention.
D.5. Since draft-pardue-quic-http-mcast-00 D.6. Since draft-pardue-quic-http-mcast-00
o Update references to QUIC I-Ds. o Update references to QUIC I-Ds.
o Relax session leaving requirements language. o Relax session leaving requirements language.
o Clarify handling of omitted session parameter advertisements. o Clarify handling of omitted session parameter advertisements.
o Rename "Idle" state to "Quiescent". o Rename "Idle" state to "Quiescent".
o Add digest algorithm session parameter. o Add digest algorithm session parameter.
 End of changes. 121 change blocks. 
279 lines changed or deleted 337 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/