Maintaining Protocols Using Grease and Variability
draft-edm-protocol-greasing-03
This document is an Internet-Draft (I-D) that has been submitted to the Internet Architecture Board (IAB) stream.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
|---|---|---|---|
| Author | Lucas Pardue | ||
| Last updated | 2024-05-07 | ||
| RFC stream | Internet Architecture Board (IAB) | ||
| Formats | |||
| Stream | IAB state | (None) | |
| Consensus boilerplate | Unknown | ||
| IAB shepherd | (None) |
draft-edm-protocol-greasing-03
Network Working Group L. Pardue
Internet-Draft Cloudflare
Intended status: Informational 7 May 2024
Expires: 8 November 2024
Maintaining Protocols Using Grease and Variability
draft-edm-protocol-greasing-03
Abstract
Long-term interoperability of protocols is an important goal of the
network standards process. Deployment success can depend on
supporting change, which can include modifying how the protocol is
used, extending the protocol, or replacing the protocol. This
document presents concepts, considerations, and techniques related to
protocol maintenance, such as greasing or variability. The intended
audience is protocol designers and implementers.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://intarchboard.github.io/draft-protocol-greasing/draft-edm-
protocol-greasing.html. Status information for this document may be
found at https://datatracker.ietf.org/doc/draft-edm-protocol-
greasing/.
Source for this draft and an issue tracker can be found at
https://github.com/intarchboard/draft-protocol-greasing.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 8 November 2024.
Pardue Expires 8 November 2024 [Page 1]
Internet-Draft Protocol Greasing May 2024
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. Considerations for Applying Greasing . . . . . . . . . . . . 3
4. Considerations for Increasing Protocol Variability . . . . . 5
4.1. Example: QUIC frames . . . . . . . . . . . . . . . . . . 5
5. Considerations for Protocol Versions . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
8.1. Normative References . . . . . . . . . . . . . . . . . . 6
8.2. Informative References . . . . . . . . . . . . . . . . . 6
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
Long-term interoperability of protocols is an important goal of the
network standards process [MAINTENANCE]. Protocol deployment success
[SUCCESS] can depend on supporting change, which can include
modifying how the protocol is used, extending the protocol, or
replacing the protocol.
Greasing, a technique initially designed for TLS [GREASE] and later
adopted by other protocols such as QUIC [QUIC], can help support the
long-term viability of protocol extension points. Greasing is
suitable for many protocols but not all; Section 3.3 of [VIABILITY]
discusses the applicability and limitations of greasing. Section 3
provides additional protocol maintenance considerations.
Applications are built with the intent of serving user needs
[END-USERS], which might only require support for a subset of
protocol features. Adapting to changing user needs is a maintenance
activity. For example, an HTTP deployment focused on downloads might
want to add support for uploads. Changing use of the application and
transport protocol features can affect the deployment's network
Pardue Expires 8 November 2024 [Page 2]
Internet-Draft Protocol Greasing May 2024
traffic profile. If expectations have been formed around historical
patterns of use i.e., ossification, introducing change might lead to
deployment problems. Section 4 presents considerations about how
intentionally increasing the variability of protocols can mitigate
some of these concerns.
Protocol extensions can provide longevity in the face of changing
needs or environment. However, a replacment protocol might be
preferred when extensions are not adequate or feasible. A protocol
replacement could aggregate common extensions and possibly make them
mandatory, effectively defining a new baseline that can simplify
deployment and interoperability. A replacement protocol version may
or may not be compatible with other versions. A protocol may or may
not have a mechanism for version selection or agility. Section 5
presents considerations about designing for and/or implementing
version negotiation and migration.
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Considerations for Applying Greasing
Greasing can take many forms, depending on the protocol and the
nature of its extension points.
Many protocols register values, codepoints, or numbers in a limited
space. A common approach that has developed in more recent protocols
is to reserve a subset of the space for greasing (see [GREASE],
Section 18.1 of [QUIC], or Section 7.2.8 of [HTTP/3]). Values
reserved for the purpose of greasing are herein referred to as grease
values. Implementations that receive grease values are required to
ignore them. More background to this approach is given in
Section 3.3 of [VIABILITY]. This section provides concrete
suggestions for its usage.
It is assumed that endpoints should implement robust and broad
extension handling. A receiver or a parser implementation should not
treat grease values as individually special. Instead of identifying
each grease value explicitly, it is better to have a "catch all"
mechanism that can handle receipt of unknown extensions, whether
grease values or not, gracefully or without error.
Pardue Expires 8 November 2024 [Page 3]
Internet-Draft Protocol Greasing May 2024
It is recommended that senders pick an unpredictable grease value to
include in relevant protocol elements. This ensures that receiver
greasing requirements are exercised. Using predictable grease values
risks ossification. To increase the variety of grease values, it is
advised to reserve a large range. However, the specific size and
distribution of the grease range needs to accommodate the protocol
constraints. For instance, protocols that use 8-bit fields may find
it too costly to dedicate many grease values, while 32-bit or 64-bit
fields are likely to have no limitations.
It is recommended that senders use grease values at unpredictable
times or sequence points during protocol interactions. This avoids
receivers unintentionally ossifying on the occurrence of greasing in
the temporal or spatial domain.
It is recommended that large grease value sets are allocated in
protocol documents by defining a unique algorithm, to increase the
chance that receiver greasing requirements are exercised. However,
the choice of algorithm needs to consider the spread of values and
the size of contiguous blocks between grease values. It is common
for protocol extension designers to want to reserve a contiguous
block of code points in order to aid iteration and experimentation.
Small contiguous blocks increase the chance that such reservations
might unintentionally use grease values, which could lead to
interoperability failures.
Protocols might ask IANA to create new registries for their extension
points. When greasing, it is recommended that only a single entry
for the entire grease value set is registered. When an algorithm has
been used, it should be included in the entry; see for example
https://www.iana.org/assignments/http3-parameters/
http3-parameters.xhtml#http3-parameters-frame-types.
Grease values must not be used or registered for any other purpose.
Registries should include a label to identify the protected grease
value range; a label of "reserved" may be confused with other ranges
that are reserved for private or experimental extensions. An
implementer that conflates these two meanings may cause a new class
of interoperability failure. Therefore a label such as "reserved for
greasing" may help to avoid the confusion.
Pardue Expires 8 November 2024 [Page 4]
Internet-Draft Protocol Greasing May 2024
4. Considerations for Increasing Protocol Variability
Greasing can maintain protocol extensibility by falsifying active use
of its extension points. However, greasing alone does not ensure
positive use of extension mechanisms. A protocol may define a wide-
ranging extension capability that remains unused in the absence of
real use cases. This can lead to ossification that does not expect
extensions, leading to interoperability problems later on.
Long-term maintenance and interoperability can be ensured by
exercising extension points positively. To some extent this can be
thought of as protocol fuzzing. This might be difficult to exercise
because varying the protocol elements might change the outcome of
interactions, leading to real errors. However, some protocols allow
elements to be be safely changed, as shown in the following examples.
4.1. Example: QUIC frames
QUIC packets contain frames. Receivers might build expectations on
the longitudinal aspects of packets or frames - size, ordering,
frequency, etc. A sender can quite often manipulate these parameters
and stay compliant to the requirements of the QUIC protocol.
A QUIC stream is an ordered reliable byte stream that is serialized
as a sequence of STREAM frames with a length and offset. Receivers
are expected to reassemble frames, which could arrive in any order,
into an ordered reliable byte stream that is readable by
applications.
A form of positive testing is for a sender to unpredictably order the
STREAM frames that it transmits. For example, varying the sequence
order of offset values. This allows to exercise the QUIC reassembly
features of the receiver with the expectation that no failure would
occur. However, doing this may introduce delay or stream head-of-
line blocking that affects the performance aspects of a transmission,
which may not be acceptable for a given use case. As such, positive
testing might be most appropriate to use in a subset of connections,
or phases within a connection.
5. Considerations for Protocol Versions
There are intrinsic and well-documented issues related to testing
version negotiation of protocols; see [EXTENSIBILITY] and Sections
2.1 and 3.2 of [VIABILITY]. This section will be expanded with
advice for protocol designers and implementers about how to approach
these problems.
Pardue Expires 8 November 2024 [Page 5]
Internet-Draft Protocol Greasing May 2024
6. Security Considerations
The considerations in [MAINTENANCE], [GREASE], [END-USERS], and
[VIABILITY] all apply to the topics discussed in this document.
The use of protocol features, extensions, and versions can already
allow fingerprinting. Any techniques that change parameters in any
way, including but not limited to those discussed in this document,
can affect fingerprinting. A deeper analysis of this topic has been
deemed out of scope.
7. IANA Considerations
This document has no IANA actions.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
8.2. Informative References
[END-USERS]
Nottingham, M., "The Internet is for End Users", RFC 8890,
DOI 10.17487/RFC8890, August 2020,
<https://www.rfc-editor.org/rfc/rfc8890>.
[EXTENSIBILITY]
Carpenter, B., Aboba, B., Ed., and S. Cheshire, "Design
Considerations for Protocol Extensions", RFC 6709,
DOI 10.17487/RFC6709, September 2012,
<https://www.rfc-editor.org/rfc/rfc6709>.
[GREASE] Benjamin, D., "Applying Generate Random Extensions And
Sustain Extensibility (GREASE) to TLS Extensibility",
RFC 8701, DOI 10.17487/RFC8701, January 2020,
<https://www.rfc-editor.org/rfc/rfc8701>.
[HTTP/3] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114,
June 2022, <https://www.rfc-editor.org/rfc/rfc9114>.
Pardue Expires 8 November 2024 [Page 6]
Internet-Draft Protocol Greasing May 2024
[MAINTENANCE]
Thomson, M. and D. Schinazi, "Maintaining Robust
Protocols", RFC 9413, DOI 10.17487/RFC9413, June 2023,
<https://www.rfc-editor.org/rfc/rfc9413>.
[QUIC] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/rfc/rfc9000>.
[SUCCESS] Thaler, D. and B. Aboba, "What Makes for a Successful
Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008,
<https://www.rfc-editor.org/rfc/rfc5218>.
[VIABILITY]
Thomson, M. and T. Pauly, "Long-Term Viability of Protocol
Extension Mechanisms", RFC 9170, DOI 10.17487/RFC9170,
December 2021, <https://www.rfc-editor.org/rfc/rfc9170>.
Acknowledgments
This work is a summary of the topics discussed during EDM meetings.
The contributors at those meetings are thanked.
Author's Address
Lucas Pardue
Cloudflare
Email: lucas@lucaspardue.com
Pardue Expires 8 November 2024 [Page 7]