idnits 2.17.1 draft-ietf-quic-applicability-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (2 September 2021) is 966 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-12) exists of draft-ietf-httpbis-priority-04 == Outdated reference: A later version (-14) exists of draft-ietf-quic-version-negotiation-04 == Outdated reference: A later version (-10) exists of draft-ietf-quic-datagram-03 == Outdated reference: A later version (-18) exists of draft-ietf-quic-manageability-13 == Outdated reference: A later version (-19) exists of draft-ietf-taps-arch-11 == Outdated reference: A later version (-19) exists of draft-ietf-quic-load-balancers-07 -- Obsolete informational reference (is this intentional?): RFC 5077 (Obsoleted by RFC 8446) Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Kuehlewind 3 Internet-Draft Ericsson 4 Intended status: Informational B. Trammell 5 Expires: 6 March 2022 Google 6 2 September 2021 8 Applicability of the QUIC Transport Protocol 9 draft-ietf-quic-applicability-13 11 Abstract 13 This document discusses the applicability of the QUIC transport 14 protocol, focusing on caveats impacting application protocol 15 development and deployment over QUIC. Its intended audience is 16 designers of application protocol mappings to QUIC, and implementors 17 of these application protocols. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at https://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on 6 March 2022. 36 Copyright Notice 38 Copyright (c) 2021 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 43 license-info) in effect on the date of publication of this document. 44 Please review these documents carefully, as they describe your rights 45 and restrictions with respect to this document. Code Components 46 extracted from this document must include Simplified BSD License text 47 as described in Section 4.e of the Trust Legal Provisions and are 48 provided without warranty as described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. The Necessity of Fallback . . . . . . . . . . . . . . . . . . 3 54 3. Zero RTT . . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 3.1. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 4 56 3.2. Session resumption versus Keep-alive . . . . . . . . . . 5 57 4. Use of Streams . . . . . . . . . . . . . . . . . . . . . . . 7 58 4.1. Stream versus Flow Multiplexing . . . . . . . . . . . . . 8 59 4.2. Prioritization . . . . . . . . . . . . . . . . . . . . . 9 60 4.3. Ordered and Reliable Delivery . . . . . . . . . . . . . . 9 61 4.4. Flow Control Deadlocks . . . . . . . . . . . . . . . . . 10 62 4.5. Stream Limit Commitments . . . . . . . . . . . . . . . . 11 63 5. Packetization and Latency . . . . . . . . . . . . . . . . . . 12 64 6. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 13 65 7. Acknowledgment Efficiency . . . . . . . . . . . . . . . . . . 14 66 8. Port Selection and Application Endpoint Discovery . . . . . . 14 67 8.1. Source Port Selection . . . . . . . . . . . . . . . . . . 15 68 9. Connection Migration . . . . . . . . . . . . . . . . . . . . 16 69 10. Connection Termination . . . . . . . . . . . . . . . . . . . 16 70 11. Information Exposure and the Connection ID . . . . . . . . . 17 71 11.1. Server-Generated Connection ID . . . . . . . . . . . . . 18 72 11.2. Mitigating Timing Linkability with Connection ID 73 Migration . . . . . . . . . . . . . . . . . . . . . . . 18 74 11.3. Using Server Retry for Redirection . . . . . . . . . . . 19 75 12. Quality of Service (QoS) and DSCP . . . . . . . . . . . . . . 19 76 13. Use of Versions and Cryptographic Handshake . . . . . . . . . 20 77 14. Enabling New Versions . . . . . . . . . . . . . . . . . . . . 20 78 15. Unreliable Datagram Service over QUIC . . . . . . . . . . . . 21 79 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 80 17. Security Considerations . . . . . . . . . . . . . . . . . . . 22 81 18. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 22 82 19. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 83 20. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 84 20.1. Normative References . . . . . . . . . . . . . . . . . . 23 85 20.2. Informative References . . . . . . . . . . . . . . . . . 24 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 88 1. Introduction 90 QUIC [QUIC] is a new transport protocol providing a number of 91 advanced features. While initially designed for the HTTP use case, 92 it provides capabilities that can be used with a much wider variety 93 of applications. QUIC is encapsulated in UDP. QUIC version 1 94 integrates TLS 1.3 [TLS13] to encrypt all payload data and most 95 control information. The version of HTTP that uses QUIC is known as 96 HTTP/3 [QUIC-HTTP]. 98 This document provides guidance for application developers that want 99 to use the QUIC protocol without implementing it on their own. This 100 includes general guidance for applications operating over HTTP/3 or 101 directly over QUIC. 103 In the following sections we discuss specific caveats to QUIC's 104 applicability, and issues that application developers must consider 105 when using QUIC as a transport for their application. 107 2. The Necessity of Fallback 109 QUIC uses UDP as a substrate. This enables userspace implementation 110 and permits traversal of network middleboxes (including NAT) without 111 requiring updates to existing network infrastructure. 113 While recent measurements have shown no evidence of a widespread, 114 systematic disadvantage of UDP traffic compared to TCP in the 115 Internet [Edeline16], somewhere between three [Trammell16] and five 116 [Swett16] percent of networks block all UDP traffic. All 117 applications running on top of QUIC must therefore either be prepared 118 to accept connectivity failure on such networks or be engineered to 119 fall back to some other transport protocol. In the case of HTTP, 120 this fallback is TLS over TCP. 122 The IETF TAPS specifications [I-D.ietf-taps-arch] describe a system 123 with a common API for multiple protocols and some of the implications 124 of fallback between these different protocols, specifically 125 precluding fallback to insecure protocols or to weaker versions of 126 secure protocols. 128 An application that implements fallback needs to consider the 129 security consequences. A fallback to TCP and TLS exposes control 130 information to modification and manipulation in the network. 131 Further, downgrades to older TLS versions than 1.3, which is used in 132 QUIC version 1, might result in significantly weaker cryptographic 133 protection. For example, the results of protocol negotiation 134 [RFC7301] only have confidentiality protection if TLS 1.3 is used. 136 These applications must operate, perhaps with impaired functionality, 137 in the absence of features provided by QUIC not present in the 138 fallback protocol. For fallback to TLS over TCP, the most obvious 139 difference is that TCP does not provide stream multiplexing and 140 therefore stream multiplexing would need to be implemented in the 141 application layer if needed. Further, TCP implementations and 142 network paths often do not support the Fast Open option [RFC7413], 143 which enables sending of payload data together with the first control 144 packet of a new connection as also provided by 0-RTT session 145 resumption in QUIC. Note that there is some evidence of middleboxes 146 blocking SYN data even if TFO was successfully negotiated (see 147 [PaaschNanog]). And even if Fast Open successfully operates end-to- 148 end, it is limited to a single packet of TLS handshake and 149 application data, unlike QUIC 0-RTT. 151 Moreover, while encryption (in this case TLS) is inseparably 152 integrated with QUIC, TLS negotiation over TCP can be blocked. If 153 TLS over TCP cannot be supported, the connection should be aborted, 154 and the application then ought to present a suitable prompt to the 155 user that secure communication is unavailable. 157 In summary, any fallback mechanism is likely to impose a degradation 158 of performance and can degrade security; however, fallback must not 159 silently violate the application's expectation of confidentiality or 160 integrity of its payload data. 162 3. Zero RTT 164 QUIC provides for 0-RTT connection establishment. Though the same 165 facility exists in TLS 1.3 with TCP, 0-RTT presents opportunities and 166 challenges for applications using QUIC. 168 A transport protocol that provides 0-RTT connection establishment is 169 qualitatively different than one that does not from the point of view 170 of the application using it. Relative trade-offs between the cost of 171 closing and reopening a connection and trying to keep it open are 172 different; see Section 3.2. 174 An application needs to deliberately choose to use 0-RTT, as 0-RTT 175 carries a risk of replay attack. Application protocols that use 176 0-RTT require a profile that describes the types of information that 177 can be safely sent. For HTTP, this profile is described in 178 [HTTP-REPLAY]. 180 3.1. Replay Attacks 182 Retransmission or (malicious) replay of data contained in 0-RTT 183 packets could cause the server side to receive two copies of the same 184 data. 186 Application data sent by the client in 0-RTT packets could be 187 processed more than once if it is replayed. Applications need to be 188 aware of what is safe to send in 0-RTT. Application protocols that 189 seek to enable the use of 0-RTT need a careful analysis and a 190 description of what can be sent in 0-RTT; see Section 5.6 of 191 [QUIC-TLS]. 193 In some cases, it might be sufficient to limit application data sent 194 in 0-RTT to that which only causes actions at a server that are known 195 to be free of lasting effect. Initiating data retrieval or 196 establishing configuration are examples of actions that could be 197 safe. Idempotent operations - those for which repetition has the 198 same net effect as a single operation - might be safe. However, it 199 is also possible to combine individually idempotent operations into a 200 non-idempotent sequence of operations. 202 Once a server accepts 0-RTT data there is no means of selectively 203 discarding data that is received. However, protocols can define ways 204 to reject individual actions that might be unsafe if replayed. 206 Some TLS implementations and deployments might be able to provide 207 partial or even complete replay protection, which could be used to 208 manage replay risk. 210 3.2. Session resumption versus Keep-alive 212 Because QUIC is encapsulated in UDP, applications using QUIC must 213 deal with short network idle timeouts. Deployed stateful middleboxes 214 will generally establish state for UDP flows on the first packet 215 sent, and keep state for much shorter idle periods than for TCP. 216 [RFC5382] suggests a TCP idle period of at least 124 minutes, though 217 there is no evidence of widespread implementation of this guideline 218 in the literature. Short network timeout for UDP, however, is well- 219 documented. According to a 2010 study ([Hatonen10]), UDP 220 applications can assume that any NAT binding or other state entry can 221 expire after just thirty seconds of inactivity. Section 3.5 of 222 [RFC8085] further discusses keep-alive intervals for UDP: it requires 223 a minimum value of 15 seconds, but recommends larger values, or 224 omitting keep-alive entirely. 226 By using a connection ID, QUIC is designed to be robust to NAT 227 address rebinding after a timeout. However, this only helps if one 228 endpoint maintains availability at the address its peer uses, and the 229 peer is the one to send after the timeout occurs. 231 Some QUIC connections might not be robust to NAT rebinding because 232 the routing infrastructure (in particular, load balancers) uses the 233 address/port four-tuple to direct traffic. Furthermore, middleboxes 234 with functions other than address translation could still affect the 235 path. In particular, some firewalls do not admit server traffic for 236 which the firewall has no recent state for a corresponding packet 237 sent from the client. 239 QUIC applications can adjust idle periods to manage the risk of 240 timeout. Idle periods and the network idle timeout are distinct from 241 the connection idle timeout, which is defined as the minimum of 242 either endpoint's idle timeout parameter; see Section 10.1 of 243 [QUIC]). There are three options: 245 * Ignore the issue, if the application-layer protocol consists only 246 of interactions with no or very short idle periods, or the 247 protocol's resistance to NAT rebinding is sufficient. 249 * Ensure there are no long idle periods. 251 * Resume the session after a long idle period, using 0-RTT 252 resumption when appropriate. 254 The first strategy is the easiest, but it only applies to certain 255 applications. 257 Either the server or the client in a QUIC application can send PING 258 frames as keep-alives, to prevent the connection and any on-path 259 state from timing out. Recommendations for the use of keep-alives 260 are application-specific, mainly depending on the latency 261 requirements and message frequency of the application. In this case, 262 the application mapping must specify whether the client or server is 263 responsible for keeping the application alive. While [Hatonen10] 264 suggests that 30 seconds might be a suitable value for the public 265 Internet when a NAT is on path, larger values are preferable if the 266 deployment can consistently survive NAT rebinding or is known to be 267 in a controlled environment (e.g. data centres) in order to lower 268 network and computational load. 270 Sending PING frames more frequently than every 30 seconds over long 271 idle periods may result in excessive unproductive traffic in some 272 situations, and to unacceptable power usage for power-constrained 273 (mobile) devices. Additionally, timeouts shorter than 30 seconds can 274 make it harder to handle transient network interruptions, such as VM 275 migration or coverage loss during mobilty. See [RFC8085], especially 276 Section 3.5. 278 Alternatively, the client (but not the server) can use session 279 resumption instead of sending keepalive traffic. In this case, a 280 client that wants to send data to a server over a connection that has 281 been idle longer than the server's idle timeout (available from the 282 idle_timeout transport parameter) can simply reconnect. When 283 possible, this reconnection can use 0-RTT session resumption, 284 reducing the latency involved with restarting the connection. Of 285 course, this approach is only valid in cases in which it is safe to 286 use 0-RTT and when the client is the restarting peer. It is also not 287 applicable when the application binds external state to the 288 connection, as this state cannot reliably be transferred to a resumed 289 connection. 291 The tradeoffs between resumption and keep-alives need to be evaluated 292 on a per-application basis. In general, applications should use 293 keep-alives only in circumstances where continued communication is 294 highly likely; [QUIC-HTTP], for instance, recommends using keep- 295 alives only when a request is outstanding. 297 4. Use of Streams 299 QUIC's stream multiplexing feature allows applications to run 300 multiple streams over a single connection, without head-of-line 301 blocking between streams. Stream data is carried within frames, 302 where one QUIC packet on the wire can carry one or multiple stream 303 frames. 305 Streams can be unidirectional or bidirectional, and a stream may be 306 initiated either by client or server. Only the initiator of a 307 unidirectional stream can send data on it. 309 Streams and connections can each carry a maximum of 2^62-1 bytes in 310 each direction, due to encoding limitations on stream offsets and 311 connection flow control limits. In the presently unlikely event that 312 this limit is reached by an application, a new connection would need 313 to be established. 315 Streams can be independently opened and closed, gracefully or 316 abruptly. An application can gracefully close the egress direction 317 of a stream by instructing QUIC to send a FIN bit in a STREAM frame. 318 It cannot gracefully close the ingress direction without a peer- 319 generated FIN, much like in TCP. However, an endpoint can abruptly 320 close the egress direction or request that its peer abruptly close 321 the ingress direction; these actions are fully independent of each 322 other. 324 QUIC does not provide an interface for exceptional handling of any 325 stream. If a stream that is critical for an application is closed, 326 the application can generate error messages on the application layer 327 to inform the other end and/or the higher layer, which can eventually 328 terminate the QUIC connection. 330 Mapping of application data to streams is application-specific and 331 described for HTTP/3 in [QUIC-HTTP]. There are a few general 332 principles to apply when designing an application's use of streams: 334 * A single stream provides ordering. If the application requires 335 certain data to be received in order, that data should be sent on 336 the same stream. There is no guarantee of transmission, 337 reception, or delivery order across streams. 339 * Multiple streams provide concurrency. Data that can be processed 340 independently, and therefore would suffer from head of line 341 blocking if forced to be received in order, should be transmitted 342 over separate streams. 344 * Streams can provide message orientation, and allow messages to be 345 cancelled. If one message is mapped to a single stream, resetting 346 the stream to expire an unacknowledged message can be used to 347 emulate partial reliability for that message. 349 If a QUIC receiver has opened the maximum allowed concurrent streams, 350 and the sender indicates that more streams are needed, it does not 351 automatically lead to an increase of the maximum number of streams by 352 the receiver. Therefore, an application can use the maximum number 353 of allowed, currently open, and currently used streams when 354 determining how to map data to streams. 356 QUIC assigns a numerical identifier to each stream, called the stream 357 ID. While the relationship between these identifiers and stream 358 types is clearly defined in version 1 of QUIC, future versions might 359 change this relationship for various reasons. QUIC implementations 360 should expose the properties of each stream (which endpoint initiated 361 the stream, whether the stream is unidirectional or bidirectional, 362 the stream ID used for the stream); applications should query for 363 these properties rather than attempting to infer them from the stream 364 ID. 366 The method of allocating stream identifiers to streams opened by the 367 application might vary between transport implementations. Therefore, 368 an application should not assume a particular stream ID will be 369 assigned to a stream that has not yet been allocated. For example, 370 HTTP/3 uses stream IDs to refer to streams that have already been 371 opened, but makes no assumptions about future stream IDs or the way 372 in which they are assigned Section 6 of [QUIC-HTTP]). 374 4.1. Stream versus Flow Multiplexing 376 Streams are meaningful only to the application; since stream 377 information is carried inside QUIC's encryption boundary, a given 378 packet exposes no information about which stream(s) are carried 379 within the packet. Therefore, stream multiplexing is not intended to 380 be used for differentiating streams in terms of network treatment. 381 Application traffic requiring different network treatment should 382 therefore be carried over different five-tuples (i.e. multiple QUIC 383 connections). Given QUIC's ability to send application data in the 384 first RTT of a connection (if a previous connection to the same host 385 has been successfully established to provide the necessary 386 credentials), the cost of establishing another connection is 387 extremely low. 389 4.2. Prioritization 391 Stream prioritization is not exposed to either the network or the 392 receiver. Prioritization is managed by the sender, and the QUIC 393 transport should provide an interface for applications to prioritize 394 streams [QUIC]. Applications can implement their own prioritization 395 scheme on top of QUIC: an application protocol that runs on top of 396 QUIC can define explicit messages for signaling priority, such as 397 those defined in [I-D.draft-ietf-httpbis-priority] for HTTP; it can 398 define rules that allow an endpoint to determine priority based on 399 context; or it can provide a higher level interface and leave the 400 determination to the application on top. 402 Priority handling of retransmissions can be implemented by the sender 403 in the transport layer. [QUIC] recommends retransmitting lost data 404 before new data, unless indicated differently by the application. 405 When a QUIC endpoint uses fully reliable streams for transmission, 406 prioritization of retransmissions will be beneficial in most cases, 407 filling in gaps and freeing up the flow control window. For 408 partially reliable or unreliable streams, priority scheduling of 409 retransmissions over data of higher-priority streams might not be 410 desirable. For such streams, QUIC could either provide an explicit 411 interface to control prioritization, or derive the prioritization 412 decision from the reliability level of the stream. 414 4.3. Ordered and Reliable Delivery 416 QUIC streams enable ordered and reliable delivery. Though it is 417 possible for an implementation to provide options that use streams 418 for partial reliability or out-of-order delivery, most 419 implementations will assume that data is reliably delivered in order. 421 Under this assumption, an endpoint that receives stream data might 422 not make forward progress until data that is contiguous with the 423 start of a stream is available. In particular, a receiver might 424 withhold flow control credit until contiguous data is delivered to 425 the application; see Section 2.2 of [QUIC]. To support this receive 426 logic, an endpoint will send stream data until it is acknowledged, 427 ensuring that data at the start of the stream is sent and 428 acknowledged first. 430 An endpoint that uses a different sending behavior and does not 431 negotiate that change with its peer might encounter performance 432 issues or deadlocks. 434 4.4. Flow Control Deadlocks 436 QUIC flow control provides a means of managing access to the limited 437 buffers endpoints have for incoming data. This mechanism limits the 438 amount of data that can be in buffers in endpoints or in transit on 439 the network. However, there are several ways in which limits can 440 produce conditions that can cause a connection to either perform 441 suboptimally or deadlock. 443 Deadlocks in flow control are possible for any protocol that uses 444 QUIC, though whether they become a problem depends on how 445 implementations consume data and provide flow control credit. 446 Understanding what causes deadlocking might help implementations 447 avoid deadlocks. 449 The size and rate of transport flow control credit updates can affect 450 performance. Applications that use QUIC often have a data consumer 451 that reads data from transport buffers. Some implementations might 452 have independent transport-layer and application-layer receive 453 buffers. Consuming data does not always imply it is immediately 454 processed. However, a common flow control implementation technique 455 is to extend credit to the sender, by emitting MAX_DATA and/or 456 MAX_STREAM_DATA frames, as data is consumed. Delivery of these 457 frames is affected by the latency of the back channel from the 458 receiver to the data sender. If credit is not extended in a timely 459 manner, the sending application can be blocked, effectively 460 throttling the sender. 462 Large application messages can produce deadlocking if the recipient 463 does not read data from the transport incrementally. If the message 464 is larger than the flow control credit available and the recipient 465 does not release additional flow control credit until the entire 466 message is received and delivered, a deadlock can occur. This is 467 possible even where stream flow control limits are not reached 468 because connection flow control limits can be consumed by other 469 streams. 471 A length-prefixed message format makes it easier for a data consumer 472 to leave data unread in the transport buffer and thereby withhold 473 flow control credit. If flow control limits prevent the remainder of 474 a message from being sent, a deadlock will result. A length prefix 475 might also enable the detection of this sort of deadlock. Where 476 application protocols have messages that might be processed as a 477 single unit, reserving flow control credit for the entire message 478 atomically makes this style of deadlock less likely. 480 A data consumer can eagerly read all data as it becomes available, in 481 order to make the receiver extend flow control credit and reduce the 482 chances of a deadlock. However, such a data consumer might need 483 other means for holding a peer accountable for the additional state 484 it keeps for partially processed messages. 486 Deadlocking can also occur if data on different streams is 487 interdependent. Suppose that data on one stream arrives before the 488 data on a second stream on which it depends. A deadlock can occur if 489 the first stream is left unread, preventing the receiver from 490 extending flow control credit for the second stream. To reduce the 491 likelihood of deadlock for interdependent data, the sender should 492 ensure that dependent data is not sent until the data it depends on 493 has been accounted for in both stream- and connection- level flow 494 control credit. 496 Some deadlocking scenarios might be resolved by cancelling affected 497 streams with STOP_SENDING or RESET_STREAM. Cancelling some streams 498 results in the connection being terminated in some protocols. 500 4.5. Stream Limit Commitments 502 QUIC endpoints are responsible for communicating the cumulative limit 503 of streams they would allow to be opened by their peer. Initial 504 limits are advertised using the initial_max_streams_bidi and 505 initial_max_streams_uni transport parameters. As streams are opened 506 and closed they are consumed and the cumulative total is incremented. 507 Limits can be increased using the MAX_STREAMS frame but there is no 508 mechanism to reduce limits. Once stream limits are reached, no more 509 streams can be opened, which prevents applications using QUIC from 510 making further progress. At this stage connections can be terminated 511 via idle timeout or explicit close; see Section 10). 513 An application that uses QUIC and communicated a cumulative stream 514 limit might require the connection to be closed before the limit is 515 reached. For example, to stop the server to perform scheduled 516 maintenance. Immediate connection close causes abrupt closure of 517 actively used streams. Depending on how an application uses QUIC 518 streams, this could be undesirable or detrimental to behavior or 519 performance. 521 A more graceful closure technique is to stop sending increases to 522 stream limits and allow the connection to naturally terminate once 523 remaining streams are consumed. However, the period of time it takes 524 to do so is dependent on the peer and an unpredictable closing period 525 might not fit application or operational needs. Applications using 526 QUIC can be conservative with open stream limits in order to reduce 527 the commitment and indeterminism. However, being overly conservative 528 with stream limits affects stream concurrency. Balancing these 529 aspects can be specific to applications and their deployments. 531 Instead of relying on stream limits to avoid abrupt closure, an 532 application-layer graceful close mechanism can be used to communicate 533 the intention to explicitly close the connection at some future 534 point. HTTP/3 provides such a mechanism using the GOAWAY frame. In 535 HTTP/3, when the GOAWAY frame is received by a client, it stops 536 opening new streams even if the cumulative stream limit would allow. 537 Instead, the client would create a new connection on which to open 538 further streams. Once all streams are closed on the old connection, 539 it can be terminated safely by a connection close or after expiration 540 of the idle time out (see also Section 10). 542 5. Packetization and Latency 544 QUIC exposes an interface that provides multiple streams to the 545 application; however, the application usually cannot control how data 546 transmitted over those streams is mapped into frames or how those 547 frames are bundled into packets. 549 By default, many implementations will try to maximally pack QUIC 550 packets DATA frames from one or more streams to minimize bandwidth 551 consumption and computational costs (see Section 13 of [QUIC]). If 552 there is not enough data available to fill a packet, an 553 implementation might wait for a short time, to optimize bandwidth 554 efficiency instead of latency. This delay can either be pre- 555 configured or dynamically adjusted based on the observed sending 556 pattern of the application. 558 If the application requires low latency, with only small chunks of 559 data to send, it may be valuable to indicate to QUIC that all data 560 should be sent out immediately. Alternatively, if the application 561 expects to use a specific sending pattern, it can also provide a 562 suggested delay to QUIC for how long to wait before bundle frames 563 into a packet. 565 Similarly, an application has usually no control about the length of 566 a QUIC packet on the wire. QUIC provides the ability to add a 567 PADDING frame to arbitrarily increase the size of packets. Padding 568 is used by QUIC to ensure that the path is capable of transferring 569 datagrams of at least a certain size, during the handshake (see 570 Sections 8.1 and 14.1 of [QUIC]) and for path validation after 571 connection migration (see Section 8.2 of [QUIC]) as well as for 572 Datagram Packetization Layer PMTU Discovery (DPLMTUD) (see 573 Section 14.3 of [QUIC]). 575 Padding can also be used by an application to reduce leakage of 576 information about the data that is sent. A QUIC implementation can 577 expose an interface that allows an application layer to specify how 578 to apply padding. 580 6. Error Handling 582 QUIC recommends that endpoints signal any detected errors to the 583 peer. Errors can occur at the transport level and the application 584 level. Transport errors, such as a protocol violation, affect the 585 entire connection. Applications that use QUIC can define their own 586 error detection and signaling (see, for example, Section 8 of 587 [QUIC-HTTP]). Application errors can affect an entire connection or 588 a single stream. 590 QUIC defines an error code space that is used for error handling at 591 the transport layer. QUIC encourages endpoints to use the most 592 specific code, although any applicable code is permitted, including 593 generic ones. 595 Applications using QUIC define an error code space that is 596 independent from QUIC or other applications (see, for example, 597 Section 8.1 of [QUIC-HTTP]). The values in an application error code 598 space can be reused across connection-level and stream-level errors. 600 Connection errors lead to connection termination. They are signaled 601 using a CONNECTION_CLOSE frame, which contains an error code and a 602 reason field that can be zero length. Different types of 603 CONNECTION_CLOSE frame are used to signal transport and application 604 errors. 606 Stream errors lead to stream termination. The are signaled using 607 STOP_SENDING or RESET_STREAM frames, which contain only an error 608 code. 610 7. Acknowledgment Efficiency 612 QUIC version 1 without extensions uses an acknowledgment strategy 613 adopted from TCP. That is, every other packet is acknowledged. 614 However, generating and processing QUIC acknowledgments can consume 615 significant resources, both in terms of processing costs and link 616 utilization, especially on constraint networks. Some applications 617 might be able to improve overall performance by using alternative 618 strategies that reduce the rate of acknowledgments. 620 8. Port Selection and Application Endpoint Discovery 622 In general, port numbers serve two purposes: "first, they provide a 623 demultiplexing identifier to differentiate transport sessions between 624 the same pair of endpoints, and second, they may also identify the 625 application protocol and associated service to which processes 626 connect" [RFC6335]. The assumption that an application can be 627 identified in the network based on the port number is less true today 628 due to encapsulation, mechanisms for dynamic port assignments, and 629 NATs. 631 As QUIC is a general-purpose transport protocol, there are no 632 requirements that servers use a particular UDP port for QUIC. For 633 applications with a fallback to TCP that do not already have an 634 alternate mapping to UDP, usually the registration (if necessary) and 635 use of the UDP port number corresponding to the TCP port already 636 registered for the application is appropriate. For example, the 637 default port for HTTP/3 [QUIC-HTTP] is UDP port 443, analogous to 638 HTTP/1.1 or HTTP/2 over TLS over TCP. 640 Given the prevalence of the assumption in network management practice 641 that a port number maps unambiguously to an application, the use of 642 ports that cannot easily be mapped to a registered service name might 643 lead to blocking or other changes to the forwarding behavior by 644 network elements such as firewalls that use the port number for 645 application identification. 647 Applications could define an alternate endpoint discovery mechanism 648 to allow the usage of ports other than the default. For example, 649 HTTP/3 (Sections 3.2 and 3.3 of [QUIC-HTTP]) specifies the use of 650 HTTP Alternative Services [RFC7838] for an HTTP origin to advertise 651 the availability of an equivalent HTTP/3 endpoint on a certain UDP 652 port by using the "h3" Application-Layer Protocol Negotiation (ALPN) 653 [RFC7301] token. 655 ALPN permits the client and server to negotiate which of several 656 protocols will be used on a given connection. Therefore, multiple 657 applications might be supported on a single UDP port based on the 658 ALPN token offered. Applications using QUIC are required to register 659 an ALPN token for use in the TLS handshake. 661 As QUIC version 1 deferred defining a complete version negotiation 662 mechanism, HTTP/3 requires QUIC version 1 and defines the ALPN token 663 ("h3") to only apply to that version. So far no single approach has 664 been selected for managing the use of different QUIC versions, 665 neither in HTTP/3 nor in general. Application protocols that use 666 QUIC need to consider how the protocol will manage different QUIC 667 versions. Decisions for those protocols might be informed by choices 668 made by other protocols, like HTTP/3. 670 8.1. Source Port Selection 672 Some UDP protocols are vulnerable to reflection attacks, where an 673 attacker is able to direct traffic to a third party as a denial of 674 service. For example, these source ports are associated with 675 applications known to be vulnerable to reflection attacks, often due 676 to server misconfiguration: 678 * port 53 - DNS [RFC1034] 680 * port 123 - NTP [RFC5905] 682 * port 1900 - SSDP [SSDP] 684 * port 5353 - mDNS [RFC6762] 686 * port 11211 - memcached 688 Services might block source ports associated with protocols known to 689 be vulnerable to reflection attacks, to avoid the overhead of 690 processing large numbers of packets. However, this practice has 691 negative effects on clients: not only does it require establishment 692 of a new connection, but in some instances, might cause the client to 693 avoid using QUIC for that service for a period of time, downgrading 694 to a non-UDP protocol (see Section 2). 696 As a result, client implementations are encouraged to avoid using 697 source ports associated with protocols known to be vulnerable to 698 reflection attacks. Note that the list above is not exhaustive; 699 other source ports might be considered reflection vectors as well. 701 9. Connection Migration 703 QUIC supports connection migration by the client. If an IP address 704 changes, a QUIC endpoint can still associate packets with an existing 705 transport connection using the Destination Connection ID field (see 706 also Section 11) in the QUIC header. This supports cases where 707 address information changes, such as NAT rebinding, intentional 708 change of the local interface, or based on an indication in the 709 handshake of the server for a preferred address to be used. 711 Use of a non-zero-length connection ID for the server is strongly 712 recommended if any clients are behind a NAT or could be. A non-zero- 713 length connection ID is also strongly recommended when active 714 migration is supported. If a connection is intentionally migrated to 715 new path, a new connection ID is used to minimize linkability by 716 network observers. The other QUIC endpoint uses the connection ID to 717 link different addresses to the same connection and entity if a non- 718 zero-length connection ID is provided. 720 The base specification of QUIC version 1 only supports the use of a 721 single network path at a time, which enables failover use cases. 722 Path validation is required so that endpoints validate paths before 723 use to avoid address spoofing attacks. Path validation takes at 724 least one RTT and congestion control will also be reset after path 725 migration. Therefore, migration usually has a performance impact. 727 QUIC probing packets, which can be sent on multiple paths at once, 728 are used to perform address validation as well as measure path 729 characteristics. Probing packets cannot carry application data but 730 likely contain padding frames. Endpoints can use information about 731 their receipt as input to congestion control for that path. 732 Applications could use information learned from probing to inform a 733 decision to switch paths. 735 Only the client can actively migrate in version 1 of QUIC. However, 736 servers can indicate during the handshake that they prefer to 737 transfer the connection to a different address after the handshake. 738 For instance, this could be used to move from an address that is 739 shared by multiple servers to an address that is unique to the server 740 instance. The server can provide an IPv4 and an IPv6 address in a 741 transport parameter during the TLS handshake and the client can 742 select between the two if both are provided. See also Section 9.6 of 743 [QUIC]. 745 10. Connection Termination 747 QUIC connections are terminated in one of three ways: implicit idle 748 timeout, explicit immediate close, or explicit stateless reset. 750 QUIC does not provide any mechanism for graceful connection 751 termination; applications using QUIC can define their own graceful 752 termination process (see, for example, Section 5.2 of [QUIC-HTTP]). 754 QUIC idle timeout is enabled via transport parameters. Client and 755 server announce a timeout period and the effective value for the 756 connection is the minimum of the two values. After the timeout 757 period elapses, the connection is silently closed. An application 758 therefore should be able to configure its own maximum value, as well 759 as have access to the computed minimum value for this connection. An 760 application may adjust the maximum idle timeout for new connections 761 based on the number of open or expected connections, since shorter 762 timeout values may free-up resources more quickly. 764 Application data exchanged on streams or in datagrams defers the QUIC 765 idle timeout. Applications that provide their own keep-alive 766 mechanisms will therefore keep a QUIC connection alive. Applications 767 that do not provide their own keep-alive can use transport-layer 768 mechanisms (see Section 10.1.2 of [QUIC], and Section 3.2). However, 769 QUIC implementation interfaces for controlling such transport 770 behavior can vary, affecting the robustness of such approaches. 772 An immediate close is signaled by a CONNECTION_CLOSE frame (see 773 Section 6). Immediate close causes all streams to become immediately 774 closed, which may affect applications; see Section 4.5. 776 A stateless reset is an option of last resort for an endpoint that 777 does not have access to connection state. Receiving a stateless 778 reset is an indication of an unrecoverable error distinct from 779 connection errors in that there is no application-layer information 780 provided. 782 11. Information Exposure and the Connection ID 784 QUIC exposes some information to the network in the unencrypted part 785 of the header, either before the encryption context is established or 786 because the information is intended to be used by the network. For 787 more information on manageability of QUIC see also 788 [I-D.ietf-quic-manageability]. QUIC has a long header that exposes 789 some additional information (the version and the source connection 790 ID), while the short header exposes only the destination connection 791 ID. In QUIC version 1, the long header is used during connection 792 establishment, while the short header is used for data transmission 793 in an established connection. 795 The connection ID can be zero length. Zero length connection IDs can 796 be chosen on each endpoint individually, on any packet except the 797 first packets sent by clients during connection establishment. 799 An endpoint that selects a zero-length connection ID will receive 800 packets with a zero-length destination connection ID. The endpoint 801 needs to use other information, such as the source and destination IP 802 address and port number to identify which connection is referred to. 803 This could mean that the endpoint is unable to match datagrams to 804 connections successfully if these values change, making the 805 connection effectively unable to survive NAT rebinding or migrate to 806 a new path. 808 11.1. Server-Generated Connection ID 810 QUIC supports a server-generated connection ID, transmitted to the 811 client during connection establishment (see Section 7.2 of [QUIC]). 812 Servers behind load balancers may need to change the connection ID 813 during the handshake, encoding the identity of the server or 814 information about its load balancing pool, in order to support 815 stateless load balancing. 817 Server deployments with load balancers and other routing 818 infrastructure need to ensure that this infrastructure consistently 819 routes packets to the server instance that has the connection state, 820 even if addresses, ports, and/or connection IDs change. This might 821 require coordination between servers and infrastructure. One method 822 of achieving this involves encoding routing information into the 823 connection ID. For an example of this technique, see [QUIC-LB]. 825 11.2. Mitigating Timing Linkability with Connection ID Migration 827 QUIC requires that endpoints generate fresh connection IDs for use on 828 new network paths. Choosing values that are unlinkable to an outside 829 observer ensures that activity on different paths cannot be trivially 830 correlated using the connection ID. 832 While sufficiently robust connection ID generation schemes will 833 mitigate linkability issues, they do not provide full protection. 834 Analysis of the lifetimes of six-tuples (source and destination 835 addresses as well as the migrated CID) may expose these links anyway. 837 In the limit where connection migration in a server pool is rare, it 838 is trivial for an observer to associate two connection IDs. 839 Conversely, in the opposite limit where every server handles multiple 840 simultaneous migrations, even an exposed server mapping may be 841 insufficient information. 843 The most efficient mitigations for these attacks are through network 844 design and/or operational practice, by using a load balancing 845 architecture that loads more flows onto a single server-side address, 846 by coordinating the timing of migrations in an attempt to increase 847 the number of simultaneous migrations at a given time, or through 848 other means. 850 11.3. Using Server Retry for Redirection 852 QUIC provides a Retry packet that can be sent by a server in response 853 to the client Initial packet. The server may choose a new connection 854 ID in that packet and the client will retry by sending another client 855 Initial packet with the server-selected connection ID. This 856 mechanism can be used to redirect a connection to a different server, 857 e.g., due to performance reasons or when servers in a server pool are 858 upgraded gradually, and therefore may support different versions of 859 QUIC. 861 In this case, it is assumed that all servers belonging to a certain 862 pool are served in cooperation with load balancers that forward the 863 traffic based on the connection ID. A server can choose the 864 connection ID in the Retry packet such that the load balancer will 865 redirect the next Initial packet to a different server in that pool. 866 Alternatively the load balancer can directly offer a Retry service as 867 further described in [QUIC-LB]. 869 Section 4 of [RFC5077] describes an example approach for constructing 870 TLS resumption tickets that can be also applied for validation 871 tokens, however, the use of more modern cryptographic algorithms is 872 highly recommended. 874 12. Quality of Service (QoS) and DSCP 876 QUIC, as defined in [RFC9000], has a single congestion controller and 877 recovery handler. This design assumes that all packets of a QUIC 878 connection, or at least with the same 5-tuple {dest addr, source 879 addr, protocol, dest port, source port}, that have the same DiffServ 880 Code Point (DSCP) [RFC2475] will receive similar network treatment 881 since feedback about loss or delay of each packet is used as input to 882 the congestion controller. Therefore, packets belonging to the same 883 connection should use a single DSCP. Section 5.1 of [RFC7657] 884 provides a discussion of DiffServ interactions with datagram 885 transport protocols [RFC7657] (in this respect the interactions with 886 QUIC resemble those of SCTP). 888 When multiplexing multiple flows over a single QUIC connection, the 889 selected DSCP value should be the one associated with the highest 890 priority requested for all multiplexed flows. 892 If differential network treatment is desired, e.g., by the use of 893 different DSCPs, multiple QUIC connections to the same server may be 894 used. However, in general it is recommended to minimize the number 895 of QUIC connections to the same server, to avoid increased overhead 896 and, more importantly, competing congestion control. 898 As in other uses of DiffServ, when a packet enters a network segment 899 that does not support the DSCP value, this could result in the 900 connection not receiving the network treatment it expects. The DSCP 901 value in this packet could also be remarked as the packet travels 902 along the network path, changing the requested treatment. 904 13. Use of Versions and Cryptographic Handshake 906 Versioning in QUIC may change the protocol's behavior completely, 907 except for the meaning of a few header fields that have been declared 908 to be invariant [QUIC-INVARIANTS]. A version of QUIC with a higher 909 version number will not necessarily provide a better service, but 910 might simply provide a different feature set. As such, an 911 application needs to be able to select which versions of QUIC it 912 wants to use. 914 A new version could use an encryption scheme other than TLS 1.3 or 915 higher. [QUIC] specifies requirements for the cryptographic 916 handshake as currently realized by TLS 1.3 and described in a 917 separate specification [QUIC-TLS]. This split is performed to enable 918 light-weight versioning with different cryptographic handshakes. 920 14. Enabling New Versions 922 QUIC version 1 does not specify a version negotation mechanism in the 923 base spec but [I-D.draft-ietf-quic-version-negotiation] proposes an 924 extension. This process assumes that the set of versions that a 925 server supports is fixed. This complicates the process for deploying 926 new QUIC versions or disabling old versions when servers operate in 927 clusters. 929 A server that rolls out a new version of QUIC can do so in three 930 stages. Each stage is completed across all server instances before 931 moving to the next stage. 933 In the first stage of deployment, all server instances start 934 accepting new connections with the new version. The new version can 935 be enabled progressively across a deployment, which allows for 936 selective testing. This is especially useful when the new version is 937 compatible with an old version, because the new version is more 938 likely to be used. 940 While enabling the new version, servers do not advertise the new 941 version in any Version Negotiation packets they send. This prevents 942 clients that receive a Version Negotiation packet from attempting to 943 connect to server instances that might not have the new version 944 enabled. 946 During the initial deployment, some clients will have received 947 Version Negotiation packets that indicate that the server does not 948 support the new version. Other clients might have successfully 949 connected with the new version and so will believe that the server 950 supports the new version. Therefore, servers need to allow for this 951 ambiguity when validating the negotiated version. 953 The second stage of deployment commences once all server instances 954 are able to accept new connections with the new version. At this 955 point, all servers can start sending the new version in Version 956 Negotiation packets. 958 During the second stage, the server still allows for the possibility 959 that some clients believe the new version to be available and some do 960 not. This state will persist only for as long as any Version 961 Negotiation packets take to be transmitted and responded to. So the 962 third stage can follow after a relatively short delay. 964 The third stage completes the process by enabling authentication of 965 the negotiated version with the assumption that the new version is 966 fully available. 968 The process for disabling an old version or rolling back the 969 introduction of a new version uses the same process in reverse. 970 Servers disable validation of the old version, stop sending the old 971 version in Version Negotiation packets, then the old version is no 972 longer accepted. 974 15. Unreliable Datagram Service over QUIC 976 [I-D.ietf-quic-datagram] specifies a QUIC extension to enable sending 977 and receiving unreliable datagrams over QUIC. Unlike operating 978 directly over UDP, applications that use the QUIC datagram service do 979 not need to implement their own congestion control, per [RFC8085], as 980 QUIC datagrams are congestion controlled. 982 QUIC datagrams are not flow-controlled, and as such data chunks may 983 be dropped if the receiver is overloaded. While the reliable 984 transmission service of QUIC provides a stream-based interface to 985 send and receive data in order over multiple QUIC streams, the 986 datagram service has an unordered message-based interface. If 987 needed, an application layer framing can be used on top to allow 988 separate flows of unreliable datagrams to be multiplexed on one QUIC 989 connection. 991 16. IANA Considerations 993 This document has no actions for IANA; however, note that Section 8 994 recommends that application bindings to QUIC for applications using 995 TCP register UDP ports analogous to their existing TCP registrations. 997 17. Security Considerations 999 See the security considerations in [QUIC] and [QUIC-TLS]; the 1000 security considerations for the underlying transport protocol are 1001 relevant for applications using QUIC, as well. Considerations on 1002 linkability, replay attacks, and randomness discussed in [QUIC-TLS] 1003 should be taken into account when deploying and using QUIC. 1005 Further, migration to an new address exposes a linkage between client 1006 addresses to the server and may expose this linkage also to the path 1007 if the connection ID cannot be changed or flows can otherwise be 1008 correlated. When migration is supported, this needs to be considered 1009 with respective to user privacy. 1011 Application developers should note that any fallback they use when 1012 QUIC cannot be used due to network blocking of UDP should guarantee 1013 the same security properties as QUIC; if this is not possible, the 1014 connection should fail to allow the application to explicitly handle 1015 fallback to a less-secure alternative. See Section 2. 1017 Further, [QUIC-HTTP] provides security considerations specific to 1018 HTTP. However, discussions such as on cross-protocol attacks, 1019 traffic analysis and padding, or migration might be relevant for 1020 other applications using QUIC as well. 1022 18. Contributors 1024 The following people have contributed significant text to and/or 1025 feedback on this document: 1027 * Gorry Fairhurst 1029 * Ian Swett 1030 * Igor Lubashev 1032 * Lucas Pardue 1034 * Mike Bishop 1036 * Mark Nottingham 1038 * Martin Duke 1040 * Martin Thomson 1042 * Sean Turner 1044 * Tommy Pauly 1046 19. Acknowledgments 1048 This work was partially supported by the European Commission under 1049 Horizon 2020 grant agreement no. 688421 Measurement and Architecture 1050 for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat 1051 for Education, Research, and Innovation under contract no. 15.0268. 1052 This support does not imply endorsement. 1054 20. References 1056 20.1. Normative References 1058 [QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 1059 and Secure Transport", Work in Progress, Internet-Draft, 1060 draft-ietf-quic-transport-34, 14 January 2021, 1061 . 1064 [QUIC-INVARIANTS] 1065 Thomson, M., "Version-Independent Properties of QUIC", 1066 Work in Progress, Internet-Draft, draft-ietf-quic- 1067 invariants-13, 14 January 2021, 1068 . 1071 [QUIC-TLS] Thomson, M. and S. Turner, "Using TLS to Secure QUIC", 1072 Work in Progress, Internet-Draft, draft-ietf-quic-tls-34, 1073 14 January 2021, . 1076 [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. 1077 Cheshire, "Internet Assigned Numbers Authority (IANA) 1078 Procedures for the Management of the Service Name and 1079 Transport Protocol Port Number Registry", BCP 165, 1080 RFC 6335, DOI 10.17487/RFC6335, August 2011, 1081 . 1083 [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based 1084 Multiplexed and Secure Transport", RFC 9000, 1085 DOI 10.17487/RFC9000, May 2021, 1086 . 1088 [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol 1089 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 1090 . 1092 20.2. Informative References 1094 [Edeline16] 1095 Edeline, K., Kuehlewind, M., Trammell, B., Aben, E., and 1096 B. Donnet, "Using UDP for Internet Transport Evolution 1097 (arXiv preprint 1612.07816)", 22 December 2016, 1098 . 1100 [Hatonen10] 1101 Hatonen, S., Nyrhinen, A., Eggert, L., Strowes, S., 1102 Sarolahti, P., and M. Kojo, "An experimental study of home 1103 gateway characteristics (Proc. ACM IMC 2010)", October 1104 2010. 1106 [HTTP-REPLAY] 1107 Thomson, M., Nottingham, M., and W. Tarreau, "Using Early 1108 Data in HTTP", RFC 8470, DOI 10.17487/RFC8470, September 1109 2018, . 1111 [I-D.draft-ietf-httpbis-priority] 1112 Oku, K. and L. Pardue, "Extensible Prioritization Scheme 1113 for HTTP", Work in Progress, Internet-Draft, draft-ietf- 1114 httpbis-priority-04, 11 July 2021, 1115 . 1118 [I-D.draft-ietf-quic-version-negotiation] 1119 Schinazi, D. and E. Rescorla, "Compatible Version 1120 Negotiation for QUIC", Work in Progress, Internet-Draft, 1121 draft-ietf-quic-version-negotiation-04, 26 May 2021, 1122 . 1125 [I-D.ietf-quic-datagram] 1126 Pauly, T., Kinnear, E., and D. Schinazi, "An Unreliable 1127 Datagram Extension to QUIC", Work in Progress, Internet- 1128 Draft, draft-ietf-quic-datagram-03, 12 July 2021, 1129 . 1132 [I-D.ietf-quic-manageability] 1133 Kuehlewind, M. and B. Trammell, "Manageability of the QUIC 1134 Transport Protocol", Work in Progress, Internet-Draft, 1135 draft-ietf-quic-manageability-13, 2 September 2021, 1136 . 1139 [I-D.ietf-taps-arch] 1140 Pauly, T., Trammell, B., Brunstrom, A., Fairhurst, G., 1141 Perkins, C., Tiesel, P. S., and C. A. Wood, "An 1142 Architecture for Transport Services", Work in Progress, 1143 Internet-Draft, draft-ietf-taps-arch-11, 12 July 2021, 1144 . 1147 [PaaschNanog] 1148 Paasch, C., "Network Support for TCP Fast Open (NANOG 67 1149 presentation)", 13 June 2016, 1150 . 1153 [QUIC-HTTP] 1154 Bishop, M., "Hypertext Transfer Protocol Version 3 1155 (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- 1156 quic-http-34, 2 February 2021, 1157 . 1160 [QUIC-LB] Duke, M. and N. Banks, "QUIC-LB: Generating Routable QUIC 1161 Connection IDs", Work in Progress, Internet-Draft, draft- 1162 ietf-quic-load-balancers-07, 9 July 2021, 1163 . 1166 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 1167 STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, 1168 . 1170 [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., 1171 and W. Weiss, "An Architecture for Differentiated 1172 Services", RFC 2475, DOI 10.17487/RFC2475, December 1998, 1173 . 1175 [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, 1176 "Transport Layer Security (TLS) Session Resumption without 1177 Server-Side State", RFC 5077, DOI 10.17487/RFC5077, 1178 January 2008, . 1180 [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. 1181 Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, 1182 RFC 5382, DOI 10.17487/RFC5382, October 2008, 1183 . 1185 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 1186 "Network Time Protocol Version 4: Protocol and Algorithms 1187 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 1188 . 1190 [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, 1191 DOI 10.17487/RFC6762, February 2013, 1192 . 1194 [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, 1195 "Transport Layer Security (TLS) Application-Layer Protocol 1196 Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, 1197 July 2014, . 1199 [RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP 1200 Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014, 1201 . 1203 [RFC7657] Black, D., Ed. and P. Jones, "Differentiated Services 1204 (Diffserv) and Real-Time Communication", RFC 7657, 1205 DOI 10.17487/RFC7657, November 2015, 1206 . 1208 [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP 1209 Alternative Services", RFC 7838, DOI 10.17487/RFC7838, 1210 April 2016, . 1212 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 1213 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 1214 March 2017, . 1216 [SSDP] Donoho, A., Roe, B., Bodlaender, M., Gildred, J., Messer, 1217 A., Kim, Y., Fairman, B., and J. Tourzan, "UPnP Device 1218 Architecture 2.0", 17 April 2020, 1219 . 1222 [Swett16] Swett, I., "QUIC Deployment Experience at Google (IETF96 1223 QUIC BoF presentation)", 20 July 2016, 1224 . 1227 [Trammell16] 1228 Trammell, B. and M. Kuehlewind, "Internet Path 1229 Transparency Measurements using RIPE Atlas (RIPE72 MAT 1230 presentation)", 25 May 2016, . 1233 Authors' Addresses 1235 Mirja Kuehlewind 1236 Ericsson 1238 Email: mirja.kuehlewind@ericsson.com 1240 Brian Trammell 1241 Google 1242 Gustav-Gull-Platz 1 1243 CH- 8004 Zurich 1244 Switzerland 1246 Email: ietf@trammell.ch