HTTP                                                             M. Duke
Internet-Draft                                                    Google
Intended status: Standards Track                               L. Pardue
Expires: 29 October 2022                                      Cloudflare
                                                           27 April 2022


         An Alt-Svc Parameter and SvcParamKey for QUIC Versions
               draft-duke-httpbis-quic-version-alt-svc-01

Abstract

   HTTP Alternative Services (Alt-Svc) describes how one origin's
   resource can be accessed via a different protocol/host/port
   combination.  Alternatives are advertised by servers using the Alt-
   Svc header field or the ALTSVC frame.  This includes a protocol name,
   which reuses Application Layer Protocol Negotiation (ALPN)
   codepoints.  The "h3" codepoint indicates the availability of HTTP/3.
   A client that uses such an alternative first makes a QUIC connection.
   However, without a priori knowledge of which QUIC version to use,
   clients might incur a round-trip latency penalty to complete QUIC
   version negotiation, or forfeit desirable properties of a QUIC
   version.  This document specifies a new Alt-Svc parameter that
   specifies alternative supported QUIC versions, which substantially
   reduces the chance of this penalty.

   Similarly, clients can retrieve additional instructions about access
   to services or resources via DNS SVCB and HTTP Resource Records.
   This document also defines a new SvcParamKey for these Resource
   Records, which specifies the specific QUIC versions in use.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://martinduke.github.io/quic-version-alt-svc-parameter/draft-
   duke-httpbis-quic-version-alt-svc.html.  Status information for this
   document may be found at https://datatracker.ietf.org/doc/draft-duke-
   httpbis-quic-version-alt-svc/.

   Discussion of this document takes place on the HTTP Working Group
   mailing list (mailto:ietf-http-wg@w3.org), which is archived at
   https://lists.w3.org/Archives/Public/ietf-http-wg/.

   Source for this draft and an issue tracker can be found at
   https://github.com/martinduke/quic-version-alt-svc-parameter.




Duke & Pardue            Expires 29 October 2022                [Page 1]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 October 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   4
   3.  The quicv Parameter . . . . . . . . . . . . . . . . . . . . .   4
   4.  The quicv SvcParamKey . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   6
   References  . . . . . . . . . . . . . . . . . . . . . . . . . . .   6
     Normative References  . . . . . . . . . . . . . . . . . . . . .   6
     Informative References  . . . . . . . . . . . . . . . . . . . .   6
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .   7
     A.1.  since draft-duke-httpbis-quic-version-alt-svc-00  . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7





Duke & Pardue            Expires 29 October 2022                [Page 2]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


1.  Introduction

   HTTP Alternative Services (Alt-Svc) [ALTSVC] describes how one
   origin's resource can be accessed via a different protocol/host/port
   combination.  Alternatives are advertised by servers using the Alt-
   Svc header field or the ALTSVC frame.  This includes a protocol name,
   which reuses codepoints from the Application-Layer Protocol
   Negotiation (ALPN) TLS extension [RFC7301].  Servers can advertise
   multiple alternatives, in which case the order reflects the server's
   preferences (the first value being the most preferred).

   Clients can ignore alternative services, or pick one at their
   discretion.  A client might use any details from the advertisement,
   in addition to out of band information, in determining if an
   alternative is suitable or preferred.

   While ALPN was originally intend to allow multiple applications to
   utilize TLS or DTLS on the same IP address and TCP or UDP port, ALPN
   can also usefully identify the transport in an Alt-Svc context.  The
   "h3" ALPN codepoint informs the client that it can use HTTP/3
   [I-D.ietf-quic-http] for access, which in turn requires the QUIC
   transport protocol [RFC8999].

   QUIC is versioned.  A client and server that both support a QUIC
   version can, through a negotiation process, generally agree on that
   version in no more than one round-trip.  However, to avoid that
   penalty clients might use the most commonly deployed QUIC version
   (e.g. version 1 [RFC9000] at the time of writing), rather than the
   version with the most desirable properties for the client's use case.

   To avoid the round-trip, one solution would be to register unique
   ALPN codepoints for each HTTP/3 and QUIC version combination.
   However, this might complicate deployment of new versions and
   deprecation of old ones: architecturally, an application should
   provide its ALPN to its QUIC implementation.  In this case, fully
   deploying a new version in that implementation would require updating
   all applications that use it.

   Instead, this document specifies an Alt-Svc parameter that lists the
   QUIC versions available to serve the resource.  Clients that do not
   understand this parameter will ignore it.  They might default to the
   most likely version, and/or incur a round-trip penalty in the event
   of a mismatch.  Clients that do process the parameter will connect
   successfully using the most desirable version with high probability.







Duke & Pardue            Expires 29 October 2022                [Page 3]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


   Domain Name System (DNS) Service Binding (SVCB) and HTTPS Resource
   Records [I-D.ietf-dsnop-svcb-https] allow the distribution of access
   instructions beyond the IP address via DNS.  This document also
   specifies a new SvcParamKey for these Resource Records to distribute
   QUIC version information with this technique.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document uses the Augmented BNF defined in [RFC5234] and imports
   parameter from Section 3 of [ALTSVC].

3.  The quicv Parameter

   This document specifies the "quicv" Alt-Svc parameter, which lists
   the QUIC versions supported by an endpoint, using the hexadecimal
   representation of the version field in a QUIC long header, as
   indicated in [RFC8999].  Senders MAY omit leading zeroes from version
   numbers.

   quicv         = version-list
   version-list  = DQUOTE version 1*( OWS, "," OWS version-number) DQUOTE
   version = 1*8 HEXDIG; hex-encoded QUIC version

   Examples:

   Alt-Svc: h3=":443"; quicv="1"
   Alt-Svc: h3=":443"; quicv="709a50c4,1"
   Alt-Svc: h3=":443"; quicv="709a50c4,1", h3=":1001"; quicv="709a50c4"

   The order of entries in version-list reflects the server's preference
   (with the first value being the most preferred alternative).

   Note that the quicv parameter applies to a single associated entry in
   the Alt-Svc list.  Servers MUST NOT provide a quicv parameter to an
   entry containing ALPN codepoint that does not potentially utilize
   QUIC.

   If the Alt-Svc information resolves to a server pool that
   inconsistently supports different QUIC versions, the parameter SHOULD
   only advertise versions that are supported throughout the pool.





Duke & Pardue            Expires 29 October 2022                [Page 4]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


4.  The quicv SvcParamKey

   SVCB and HTTPS Resource Records can include the quicv SvcParamKey.
   Its presentation format value and use are identical to the quicv Alt-
   Svc Parameter.  Its wire format value consists of the version numbers
   in network byte order.

   To include the quicv SvcParamKey in a resource record, it MUST also
   include at least one ALPN that can be delivered over QUIC.

   For example, consider a service configuration that advertisees two
   QUIC versions on the default port, but only one version on a non-
   default port.

   In Alt-Svc, this could be represented as:

   Alt-Svc: h3=":443"; quicv="709a50c4,1", h3=":1001"; quicv="709a50c4"

   As HTTPS RRs, this could be represented as:

   example.com IN HTTPS 1 . alpn=h2,h3 quicv=709a50c4,1
   example.com IN HTTPS 1 . alpn=h3 port=1001 quicv=709a50c4

5.  Security Considerations

   This document inherits the security considerations of [ALTSVC],
   especially the implications of "Changing Protocols" in Section 9.3.
   There are few protocol properties guaranteed to hold across all QUIC
   versions, so endpoints should be aware what capabilities are
   intrinsic to the QUIC versions they are advertising.

   This parameter reveals capabilities of the described server, but this
   information is already available by inducing the server to generate a
   QUIC version negotiation packet.

6.  IANA Considerations

   Please add this entry to the HTTP Alt-Svc Parameter Registry:

   Alt-Svc Parameter: quicv

   Reference: This document

   Please add this entry to the Service Binding (SVCB) Parameter
   Registry:

   Number: TBD




Duke & Pardue            Expires 29 October 2022                [Page 5]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


   Name: quicv

   Meaning: Supported QUIC versions

   Format Reference: This document

Acknowledgments

   Thanks to Ben Schwartz for his help with the Resource Record
   formatting.

References

Normative References

   [ALTSVC]   Bishop, M. and M. Thomson, "HTTP Alternative Services",
              Work in Progress, Internet-Draft, draft-ietf-httpbis-
              rfc7838bis-00, 31 August 2021,
              <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-
              rfc7838bis-00>.

   [I-D.ietf-dsnop-svcb-https]
              "*** BROKEN REFERENCE ***".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008,
              <https://www.rfc-editor.org/rfc/rfc5234>.

Informative References

   [RFC7301]  Friedl, S., Popov, A., Langley, A., and E. Stephan,
              "Transport Layer Security (TLS) Application-Layer Protocol
              Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
              July 2014, <https://www.rfc-editor.org/rfc/rfc7301>.

   [I-D.ietf-quic-http]
              Bishop, M., "Hypertext Transfer Protocol Version 3
              (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-



Duke & Pardue            Expires 29 October 2022                [Page 6]


Internet-Draft  An Alt-Svc Parameter and SvcParamKey for      April 2022


              quic-http-34, 2 February 2021,
              <https://datatracker.ietf.org/doc/html/draft-ietf-quic-
              http-34>.

   [RFC8999]  Thomson, M., "Version-Independent Properties of QUIC",
              RFC 8999, DOI 10.17487/RFC8999, May 2021,
              <https://www.rfc-editor.org/rfc/rfc8999>.

   [RFC9000]  Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
              Multiplexed and Secure Transport", RFC 9000,
              DOI 10.17487/RFC9000, May 2021,
              <https://www.rfc-editor.org/rfc/rfc9000>.

Appendix A.  Change Log

      *RFC Editor's Note:* Please remove this section prior to
      publication of a final version of this document.

A.1.  since draft-duke-httpbis-quic-version-alt-svc-00

   *  Added SVCB and HTTPS Resource Records

Authors' Addresses

   Martin Duke
   Google
   Email: martin.h.duke@gmail.com


   Lucas Pardue
   Cloudflare
   Email: lucaspardue.24.7@gmail.com



















Duke & Pardue            Expires 29 October 2022                [Page 7]