An Unreliable Datagram Extension to QUIC
draft-ietf-quic-datagram-10

Document history

Date Rev. By Action
2022-03-28
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2022-03-21
10 (System) RFC Editor state changed to AUTH48
2022-02-10
10 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2022-02-08
10 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2022-02-08
10 Éric Vyncke Request closed, assignment withdrawn: Charles Perkins Telechat INTDIR review
2022-02-08
10 Éric Vyncke
Closed request for Telechat review by INTDIR with state 'Withdrawn': Telechat deadline has passed... The document has been approved by the IESG. Please next time, be explicit and refuse to review the document. Thank you. -éric
2022-02-07
10 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2022-02-07
10 (System) IANA Action state changed to In Progress from Waiting on Authors
2022-02-07
10 (System) IANA Action state changed to Waiting on Authors from In Progress
2022-02-07
10 (System) RFC Editor state changed to EDIT
2022-02-07
10 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2022-02-07
10 (System) Announcement was received by RFC Editor
2022-02-07
10 (System) IANA Action state changed to In Progress
2022-02-07
10 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2022-02-07
10 Cindy Morgan IESG has approved the document
2022-02-07
10 Cindy Morgan Closed "Approve" ballot
2022-02-07
10 Cindy Morgan Ballot approval text was generated
2022-02-07
10 Zaheduzzaman Sarker IESG state changed to Approved-announcement to be sent from Approved-announcement sent
2022-02-07
10 Zaheduzzaman Sarker IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2022-02-06
10 Barry Leiba Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing
2022-02-06
10 Barry Leiba Assignment of request for Last Call review by ARTART to Darrel Miller was marked no-response
2022-02-04
10 David Schinazi New version available: draft-ietf-quic-datagram-10.txt
2022-02-04
10 (System) New version approved
2022-02-04
10 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2022-02-04
10 David Schinazi Uploaded new revision
2022-02-03
09 (System) Removed all action holders (IESG state changed)
2022-02-03
09 (System) Sub state has been changed to AD Followup from Revised ID Needed
2022-02-03
09 Tommy Pauly New version available: draft-ietf-quic-datagram-09.txt
2022-02-03
09 (System) New version approved
2022-02-03
09 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2022-02-03
09 Tommy Pauly Uploaded new revision
2022-02-03
08 (System) Changed action holders to Tommy Pauly, David Schinazi, Eric Kinnear (IESG state changed)
2022-02-03
08 Cindy Morgan IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation
2022-02-03
08 Lars Eggert
[Ballot comment]
Section 5.2. , paragraph 5, comment:
>    If a sender detects that a packet containing a specific DATAGRAM
>    frame might have been lost, the implementation MAY notify the
>    application that it believes the datagram was lost.
>
>    Similarly, if a packet containing a DATAGRAM frame is acknowledged,
>    the implementation MAY notify the sender application that the
>    datagram was successfully transmitted and received.  Due to

Being able to emit these notifications seems to depend on structuring the API
between the implementation and the application so that not only opaque datagram
blobs are exchanged, but that they are also associated with some sort of
identifier?

Thanks to Meral Shirazipour for their General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/7_tXP9y1m0RYcb-8k6P8IbyTMGc).

-------------------------------------------------------------------------------
All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

"Table of Contents", paragraph 2, nit:
> . . . . . . . . . . . . 9 8. Acknowledgments . . . . . . . . . . . . . . . .
>                              ^^^^^^^^^^^^^^^
Do not mix variants of the same word ("acknowledgment" and "acknowledgement")
within a single text.

"Table of Contents", paragraph 2, nit:
> s, and each frame type defines whether or not the data it contains will be r
>                                ^^^^^^^^^^^^^^
Consider shortening this phrase to just "whether". It is correct though if you
mean "regardless of whether".
2022-02-03
08 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert
2022-02-03
08 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2022-02-02
08 Warren Kumari
[Ballot comment]
Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams are not just QUIC carrying UDP.
The document says:
"In the past, these applications have built directly upon UDP [RFC0768] as a transport,
and have often added security with DTLS [RFC6347].  Extending QUIC to support transmitting
unreliable application data provides another option for secure datagrams, with the added
benefit of sharing the cryptographic and authentication context used for reliable streams."

Even though I knew that this isn't just tunneling UDP over QUIC, the above description and use of the term "datagram" (which has become synonymous with UDP) keeps making me forget that.
I don't have any suggested text, but something like a "Note: This is a QUIC transport to carry unreliable data natively, and does not encapsulate UDP packets" or something.

Also, much thanks to Jürgen Schönwälder for his OpsDir review of -07, and the authors for addressing the comments.

I wanted to confirm that the authors had seen that Jürgen followed up with an additional review of -08 (much thanks Jürgen!) at https://datatracker.ietf.org/doc/review-ietf-quic-datagram-08-opsdir-telechat-schoenwaelder-2022-01-31/
2022-02-02
08 Warren Kumari Ballot comment text updated for Warren Kumari
2022-02-02
08 Warren Kumari
[Ballot comment]
Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams are not just QUIC carrying UDP.
The document says:
"In the past, these applications have built directly upon UDP [RFC0768] as a transport,
and have often added security with DTLS [RFC6347].  Extending QUIC to support transmitting
unreliable application data provides another option for secure datagrams, with the added
benefit of sharing the cryptographic and authentication context used for reliable streams."

Even though I knew that this isn't just tunneling UDP over QUIC, the above description and use of the term "datagram" (which has become synonymous with UDP) keeps making me forget that.
I don't have any suggested text, but something like a "Note: This is a QUIC transport to carry unreliable data natively, and does not encapsulate UDP packets" or something.

Also, much thanks to Jürgen Schönwälder for his OpsDir review of -07, and the authors for addressing the comments.

I wanted to confirm that the authors had seen that Jürgen followed up with an additional review of -08 (thanks Jürgen!) at https://datatracker.ietf.org/doc/review-ietf-quic-datagram-08-opsdir-telechat-schoenwaelder-2022-01-31/
2022-02-02
08 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2022-02-02
08 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2022-02-02
08 Éric Vyncke
[Ballot comment]
Thank you for the work put into this document. It can indeed be very useful notably for the VPN case.

Please find below some blocking DISCUSS points (probably easy to address), some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Lucas Pardue for the shepherd's write-up including the section about the WG consensus even if I had appreciated a justification for the PS status rather than an assertion.

I hope that this helps to improve the document,

Regards,

-éric

## Section 3

Does it make any sense to have max_datagram_frame_size <= 20 ? (IPv4 header size)

## Section 4

The first paragraph with the binary notation is not easy to parse. I really prefer the first paragraph of section 19.3 of RFC 9000.

## Section 5.1

I find the following text hard contradicting the first paragraph of section 5:
  QUIC implementations SHOULD present an API to applications to assign
  relative priorities to DATAGRAM frames with respect to each other and
  to QUIC streams.
2022-02-02
08 Éric Vyncke [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke
2022-02-01
08 Murray Kucherawy
[Ballot comment]
Section 3:

* "... transport parameter greater or equal to ..." -- s/greater/greater than/  (two instances)

Section 4:

* I also tripped on the thing John pointed out.

Section 5:

* I don't understand the two SHOULDs in this section.  When/why would you ever do otherwise?
2022-02-01
08 Murray Kucherawy Ballot comment text updated for Murray Kucherawy
2022-02-01
08 Murray Kucherawy
[Ballot comment]
Section 3:

* "... transport parameter greater or equal to ..." -- s/greater/greater than/  (two instances)

Section 5:

* I don't understand the two SHOULDs in this section.  When/why would you ever do otherwise?
2022-02-01
08 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2022-02-01
08 John Scudder
[Ballot comment]
As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have a few questions that (in the best case) might reveal lacunae that experts overlooked but which trip up a neophyte, or (in the worst case) only my own ignorance.

1. In the Motivation section you write,

  *  Applications that open both a reliable TLS stream and an
      unreliable DTLS flow to the same peer can benefit by sharing a
      single handshake and authentication context between a reliable
      QUIC stream and flow of unreliable QUIC datagrams.  This can
      reduce the latency required for handshakes.

This threw me off, considering that in the previous section (Introduction) you point to UDP/DTLS as a prior way of providing a similar service. In the quotation above it seems as though you’re using them synonymously… or something.

TBH, I just don’t follow what the quoted text is getting at. :-( I do get (in a general way) that QUIC makes use of (parts of?) TLS, but that doesn’t allow me to make sense of it.

2. You’re inconsistent about whether DATAGRAM frames have a type, singular, or types, plural. Plural seems right to me, but read on. In §3, you refer to “the DATAGRAM frame types”, plural. But then in §4 you say that the LSB of “the DATAGRAM frame type” (singular) “is the LEN bit”. Seems to me you should make up your mind: either you have two types, 0x30 and 0x31, whose semantics differ with respect to the Length field, OR you have a single type and a flag.

Really I think you have two types (witness the IANA allocation: two, not one) and the characterization of the LSB as a flag is just a distraction, I would remove it. Clearly that doesn’t prevent an implementor from taking advantage of the structure if they want to, but I think it would clean up some awkwardness in the prose.

3. Further to that, in Section 4 you say,

              The DATAGRAM frame type takes the form 0b0011000X
  (or the values 0x30 and 0x31).

It took me an embarrassingly long time to recognize that the first form you list means “binary 0011000x, where x indicates ‘don’t care’”. I suppose maybe I was slow because we use hex notation all the time in our document set, and binary notation exceedingly seldom in my experience. Possibly I am the only person who will stumble on this. But possibly not. In any case if you were to clean up my “is it one type, or two” complaint by collapsing the waveform to “it’s two”, this problem would also go away.

4. In Section 5 you say,

  When a QUIC endpoint receives a valid DATAGRAM frame, it SHOULD
  deliver the data to the application immediately, as long as it is
  able to process the frame and can store the contents in memory.

Isn’t the final clause in the category of “well, duh”? I mean, is there a situation in which a QUIC endpoint is *not* able to process the frame or *not* able to store the contents in memory, but still might be expected to deliver the data to the application? Seems like that’d be a “no”.

I mean, the remark does no real harm, but why bother stating the obvious?
2022-02-01
08 John Scudder
8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  72
    8.1.  The IETF XML Registry . . . . . . . . . . . . . . . . . .  72
    8.2.  YANG Module Names Registry  . . . . . . . . . . . . . . .  72
    8.3.  BRSKI well-known considerations . . . . . . . . . . . . .  72
      8.3.1.  BRSKI .well-known registration  . . . . . . . . . . .  72
      8.3.2.  BRSKI .well-known registry  . . . . . . . . . . . . .  73
    8.4.  PKIX Registry . . . . . . . . . . . . . . . . . . . . . .  73
    8.5.  Pledge BRSKI Status Telemetry . . . . . . . . . . . . . .  73
    8.6.  DNS Service Names . . . . . . . . . . . . . . . . . . . .  74
  9.  Applicability to the Autonomic Control Plane (ACP)  . . . . .  74
    9.1.  Operational Requirements  . . . . . . . . . . . . . . . .  75
      9.1.1.  MASA Operational Requirements . . . . . . . . . . . .  76
      9.1.2.  Domain Owner Operational Requirements . . . . . . . .  76
      9.1.3.  Device Operational Requirements . . . . . . . . . . .  77
  10. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  78
    10.1.  MASA audit log . . . . . . . . . . . . . . . . . . . . .  78
    10.2.  What BRSKI-EST reveals . . . . . . . . . . . . . . . . .  78
    10.3.  What BRSKI-MASA reveals to the manufacturer  . . . . . .  79
    10.4.  Manufacturers and Used or Stolen Equipment . . . . . . .  81
    10.5.  Manufacturers and Grey market equipment  . . . . . . . .  82
    10.6.  Some mitigations for meddling by manufacturers . . . . .  83
    10.7.  Death of a manufacturer  . . . . . . . . . . . . . . . .  84
  11. Security Considerations . . . . . . . . . . . . . . . . . . .  85
    11.1.  Denial of Service (DoS) against MASA . . . . . . . . . .  85
    11.2.  DomainID must be resistant to second-preimage attacks  .  86
    11.3.  Availability of good random numbers  . . . . . . . . . .  86
    11.4.  Freshness in Voucher-Requests  . . . . . . . . . . . . .  87
    11.5.  Trusting manufacturers . . . . . . . . . . . . . . . . .  88
    11.6.  Manufacturer Maintenance of trust anchors  . . . . . . .  89
      11.6.1.  Compromise of Manufacturer IDevID signing keys . . .  90
      11.6.2.  Compromise of MASA signing keys  . . . . . . . . . .  91
      11.6.3.  Compromise of MASA web service . . . . . . . . . . .  93
    11.7.  YANG Module Security Considerations  . . . . . . . . . .  94
  12. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  94
  13. References  . . . . . . . . . . . . . . . . . . . . . . . . .  94
    13.1.  Normative References . . . . . . . . . . . . . . . . . .  94
    13.2.  Informative References . . . . . . . . . . . . . . . . .  98
  Appendix A.  IPv4 and non-ANI operations  . . . . . . . . . . . . 102
    A.1.  IPv4 Link Local addresses . . . . . . . . . . . . . . . . 102
    A.2.  Use of DHCPv4 . . . . . . . . . . . . . . . . . . . . . . 102
  Appendix B.  mDNS / DNSSD proxy discovery options . . . . . . . . 102
  Appendix C.  Example Vouchers . . . . . . . . . . . . . . . . . . 103
    C.1.  Keys involved . . . . . . . . . . . . . . . . . . . . . . 103
      C.1.1.  Manufacturer Certificate Authority for IDevID
              signatures  . . . . . . . . . . . . . . . . . . . . . 104
      C.1.2.  MASA key pair for voucher signatures  . . . . . . . . 105
      C.1.3.  Registrar Certificate Authority . . . . . . . . . . . 107
      C.1.4.  Registrar key pair  . . . . . . . . . . . . . . . . . 108

Pritikin, et al.          Expires 25 March 2021                [Page 4]
Internet-Draft                    BRSKI                  September 2020

      C.1.5.  Pledge key pair . . . . . . . . . . . . . . . . . . . 110
    C.2.  Example process . . . . . . . . . . . . . . . . . . . . . 111
      C.2.1.  Pledge to Registrar . . . . . . . . . . . . . . . . . 111
      C.2.2.  Registrar to MASA . . . . . . . . . . . . . . . . . . 115
      C.2.3.  MASA to Registrar . . . . . . . . . . . . . . . . . . 121
  Appendix D.  Additional References  . . . . . . . . . . . . . . . 125
  Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . 125

1.  Introduction

  The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol
  provides a solution for secure zero-touch (automated) bootstrap of
  new (unconfigured) devices that are called pledges in this document.
  Pledges have an IDevID installed in them at the factory.

  "BRSKI" is pronounced like "brewski", a colloquial term for beer in
  Canada and parts of the US-midwest. [brewski]

  This document primarily provides for the needs of the ISP and
  Enterprise focused ANIMA Autonomic Control Plane (ACP)
  [I-D.ietf-anima-autonomic-control-plane].  This bootstrap process
  satisfies the [RFC7575] requirements of section 3.3 of making all
  operations secure by default.  Other users of the BRSKI protocol will
  need to provide separate applicability statements that include
  privacy and security considerations appropriate to that deployment.
  Section 9 explains the detailed applicability for this the ACP usage.

  The BRSKI protocol requires a significant amount of communication
  between manufacturer and owner: in its default modes it provides a
  cryptographic transfer of control to the initial owner.  In its
  strongest modes, it leverages sales channel information to identify
  the owner in advance.  Resale of devices is possible, provided that
  the manufacturer is willing to authorize the transfer.  Mechanisms to
  enable transfers of ownership without manufacturer authorization are
  not included in this version of the protocol, but could be designed
  into future versions.

  This document describes how pledges discover (or are discovered by)
  an element of the network domain to which the pledge belongs that
  will perform the bootstrap.  This element (device) is called the
  registrar.  Before any other operation, pledge and registrar need to
  establish mutual trust:

  1.  Registrar authenticating the pledge: "Who is this device?  What
      is its identity?"

  2.  Registrar authorizing the pledge: "Is it mine?  Do I want it?
      What are the chances it has been compromised?"

  3.  Pledge authenticating the registrar: "What is this registrar's
      identity?"

  4.  Pledge authorizing the registrar: "Should I join this network?"

  This document details protocols and messages to answer the above
  questions.  It uses a TLS connection and an PKIX-shaped (X.509v3)
  certificate (an IEEE 802.1AR [IDevID] IDevID) of the pledge to answer
  points 1 and 2.  It uses a new artifact called a "voucher" that the
  registrar receives from a "Manufacturer Authorized Signing Authority"
  (MASA) and passes to the pledge to answer points 3 and 4.

  A proxy provides very limited connectivity between the pledge and the
  registrar.

  The syntactic details of vouchers are described in detail in
  [RFC8366].  This document details automated protocol mechanisms to
  obtain vouchers, including the definition of a 'voucher-request'
  message that is a minor extension to the voucher format (see
  Section 3) defined by [RFC8366].

  BRSKI results in the pledge storing an X.509 root certificate
  sufficient for verifying the registrar identity.  In the process a
  TLS connection is established that can be directly used for
  Enrollment over Secure Transport (EST).  In effect BRSKI provides an
  automated mechanism for the "Bootstrap Distribution of CA
  Certificates" described in [RFC7030] Section 4.1.1 wherein the pledge
  "MUST [...] engage a human user to authorize the CA certificate using
  out-of-band" information.  With BRSKI the pledge now can automate
  this process using the voucher.  Integration with a complete EST
  enrollment is optional but trivial.

  BRSKI is agile enough to support bootstrapping alternative key
  infrastructures, such as a symmetric key solutions, but no such
  system is described in this document.

1.1.  Prior Bootstrapping Approaches

  To literally "pull yourself up by the bootstraps" is an impossible
  action.  Similarly the secure establishment of a key infrastructure
  without external help is also an impossibility.  Today it is commonly
  accepted that the initial connections between nodes are insecure,
  until key distribution is complete, or that domain-specific keying
  material (often pre-shared keys, including mechanisms like SIM cards)
  is pre-provisioned on each new device in a costly and non-scalable
  manner.  Existing automated mechanisms are known as non-secured
  'Trust on First Use' (TOFU) [RFC7435], 'resurrecting duckling'
  [Stajano99theresurrecting] or 'pre-staging'.

  Another prior approach has been to try and minimize user actions
  during bootstrapping, but not eliminate all user-actions.  The
  original EST protocol [RFC7030] does reduce user actions during
  bootstrap but does not provide solutions for how the following
  protocol steps can be made autonomic (not involving user actions):

  *  using the Implicit Trust Anchor [RFC7030] database to authenticate
      an owner specific service (not an autonomic solution because the
      URL must be securely distributed),

  *  engaging a human user to authorize the CA certificate using out-
      of-band data (not an autonomic solution because the human user is
      involved),

  *  using a configured Explicit TA database (not an autonomic solution
      because the distribution of an explicit TA database is not
      autonomic),

  *  and using a Certificate-Less TLS mutual authentication method (not
      an autonomic solution because the distribution of symmetric key
      material is not autonomic).

  These "touch" methods do not meet the requirements for zero-touch.

  There are "call home" technologies where the pledge first establishes
  a connection to a well known manufacturer service using a common
  client-server authentication model.  After mutual authentication,
  appropriate credentials to authenticate the target domain are
  transferred to the pledge.  This creates several problems and
  limitations:

  *  the pledge requires realtime connectivity to the manufacturer
      service,

  *  the domain identity is exposed to the manufacturer service (this
      is a privacy concern),

  *  the manufacturer is responsible for making the authorization
      decisions (this is a liability concern),

  BRSKI addresses these issues by defining extensions to the EST
  protocol for the automated distribution of vouchers.

1.2.  Terminology

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
  "OPTIONAL" in this document are to be interpreted as described in BCP
  14 [RFC2119] [RFC8174] when, and only when, they appear in all
  capitals, as shown here.

  The following terms are defined for clarity:

  ANI:  The Autonomic Network Infrastructure as defined by
      [I-D.ietf-anima-reference-model].  Section 9 details specific
      requirements for pledges, proxies and registrars when they are
      part of an ANI.

  Circuit Proxy:  A stateful implementation of the join proxy.  This is
      the assumed type of proxy.

  drop-ship:  The physical distribution of equipment containing the
      "factory default" configuration to a final destination.  In zero-
      touch scenarios there is no staging or pre-configuration during
      drop-ship.

  Domain:  The set of entities that share a common local trust anchor.
      This includes the proxy, registrar, Domain Certificate Authority,
      Management components and any existing entity that is already a
      member of the domain.

  domainID:  The domain IDentity is a unique value based upon the
      Registrar CA's certificate.  Section 5.8.2 specifies how it is
      calculated.

  Domain CA:  The domain Certification Authority (CA) provides
      certification functionalities to the domain.  At a minimum it
      provides certification functionalities to a registrar and manages
      the private key that defines the domain.  Optionally, it certifies
      all elements.

  enrollment:  The process where a device presents key material to a
      network and acquires a network-specific identity.  For example
      when a certificate signing request is presented to a certification
      authority and a certificate is obtained in response.

  imprint:  The process where a device obtains the cryptographic key
      material to identify and trust future interactions with a network.
      This term is taken from Konrad Lorenz's work in biology with new
      ducklings: during a critical period, the duckling would assume
      that anything that looks like a mother duck is in fact their
      mother.  An equivalent for a device is to obtain the fingerprint
      of the network's root certification authority certificate.  A
      device that imprints on an attacker suffers a similar fate to a
      duckling that imprints on a hungry wolf.  Securely imprinting is a
      primary focus of this document [imprinting].  The analogy to
      Lorenz's work was first noted in [Stajano99theresurrecting].

  IDevID:  An Initial Device Identity X.509 certificate installed by
      the vendor on new equipment.  This is a term from 802.1AR [IDevID]

  IPIP Proxy:  A stateless proxy alternative.

  Join Proxy:  A domain entity that helps the pledge join the domain.
      A join proxy facilitates communication for devices that find
      themselves in an environment where they are not provided
      connectivity until after they are validated as members of the
      domain.  For simplicity this document sometimes uses the term of
      'proxy' to indicate the join proxy.  The pledge is unaware that
      they are communicating with a proxy rather than directly with a
      registrar.

  Join Registrar (and Coordinator):  A representative of the domain
      that is configured, perhaps autonomically, to decide whether a new
      device is allowed to join the domain.  The administrator of the
      domain interfaces with a "join registrar (and coordinator)" to
      control this process.  Typically a join registrar is "inside" its
      domain.  For simplicity this document often refers to this as just
      "registrar".  Within [I-D.ietf-anima-reference-model] this is
      referred to as the "join registrar autonomic service agent".
      Other communities use the abbreviation "JRC".

  LDevID:  A Local Device Identity X.509 certificate installed by the
      owner of the equipment.  This is a term from 802.1AR [IDevID]

  manufacturer:  the term manufacturer is used throughout this document
      to be the entity that created the device.  This is typically the
      "original equipment manufacturer" or OEM, but in more complex
      situations it could be a "value added retailer" (VAR), or possibly
      even a systems integrator.  In general, it a goal of BRSKI to
      eliminate small distinctions between different sales channels.
      The reason for this is that it permits a single device, with a
      uniform firmware load, to be shipped directly to all customers.
      This eliminates costs for the manufacturer.  This also reduces the
      number of products supported in the field increasing the chance
      that firmware will be more up to date.

  MASA Audit-Log:  An anonymized list of previous owners maintained by
      the MASA on a per device (per pledge) basis.  Described in
      Section 5.8.1.

  MASA Service:  A third-party Manufacturer Authorized Signing
      Authority (MASA) service on the global Internet.  The MASA signs
      vouchers.  It also provides a repository for audit-log information
      of privacy protected bootstrapping events.  It does not track
      ownership.

  nonced:  a voucher (or request) that contains a nonce (the normal
      case).

  nonceless:  a voucher (or request) that does not contain a nonce,
      relying upon accurate clocks for expiration, or which does not
      expire.

  offline:  When an architectural component cannot perform realtime
      communications with a peer, either due to network connectivity or
      because the peer is turned off, the operation is said to be
      occurring offline.

  Ownership Tracker:  An Ownership Tracker service on the global
      Internet.  The Ownership Tracker uses business processes to
      accurately track ownership of all devices shipped against domains
      that have purchased them.  Although optional, this component
      allows vendors to provide additional value in cases where their
      sales and distribution channels allow for accurate tracking of
      such ownership.  Ownership tracking information is indicated in
      vouchers as described in [RFC8366].

  Pledge:  The prospective (unconfigured) device, which has an identity
      installed at the factory.

  (Public) Key Infrastructure:  The collection of systems and processes
      that sustain the activities of a public key system.  The registrar
      acts as an [RFC5280] and [RFC5272] (see section 7) "Registration
      Authority".

  TOFU:  Trust on First Use. Used similarly to [RFC7435].  This is
      where a pledge device makes no security decisions but rather
      simply trusts the first registrar it is contacted by.  This is
      also known as the "resurrecting duckling" model.

  Voucher:  A signed artifact from the MASA that indicates to a pledge
      the cryptographic identity of the registrar it should trust.
      There are different types of vouchers depending on how that trust
      is asserted.  Multiple voucher types are defined in [RFC8366].


1.3.  Scope of solution

1.3.1.  Support environment

  This solution (BRSKI) can support large router platforms with multi-
  gigabit inter-connections, mounted in controlled access data centers.
  But this solution is not exclusive to large equipment: it is intended
  to scale to thousands of devices located in hostile environments,
  such as ISP provided CPE devices which are drop-shipped to the end
  user.  The situation where an order is fulfilled from a distributed
  warehouse from a common stock and shipped directly to the target
  location at the request of a domain owner is explicitly supported.
  That stock ("SKU") could be provided to a number of potential domain
  owners, and the eventual domain owner will not know a-priori which
  device will go to which location.

  The bootstrapping process can take minutes to complete depending on
  the network infrastructure and device processing speed.  The network
  communication itself is not optimized for speed; for privacy reasons,
  the discovery process allows for the pledge to avoid announcing its
  presence through broadcasting.

  Nomadic or mobile devices often need to acquire credentials to access
  the network at the new location.  An example of this is mobile phone
  roaming among network operators, or even between cell towers.  This
  is usually called handoff.  BRSKI does not provide a low-latency
  handoff which is usually a requirement in such situations.  For these
  solutions BRSKI can be used to create a relationship (an LDevID) with
  the "home
Ballot comment text updated for John Scudder
2022-02-01
08 John Scudder
[Ballot comment]
As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have a few questions that (in the best case) might reveal lacunae that experts overlooked but which trip up a neophyte, or (in the worst case) only my own ignorance.

1. In the Motivation section you write,

  *  Applications that open both a reliable TLS stream and an
      unreliable DTLS flow to the same peer can benefit by sharing a
      single handshake and authentication context between a reliable
      QUIC stream and flow of unreliable QUIC datagrams.  This can
      reduce the latency required for handshakes.

This threw me off, considering that in the previous section (Introduction) you point to UDP/DTLS as a prior way of providing a similar service. In the quotation above it seems as though you’re using them synonymously… or something.

TBH, I just don’t follow what the quoted text is getting at. :-( I do get (in a general way) that QUIC makes use of (parts of?) TLS, but that doesn’t allow me to make sense of it.

2. You’re inconsistent about whether DATAGRAM frames have a type, singular, or types, plural. Plural seems right to me, but read on. In §3, you refer to “the DATAGRAM frame types”, plural. But then in §4 you say that the LSB of “the DATAGRAM frame type” (singular) “is the LEN bit”. Seems to me you should make up your mind: either you have two types, 0x30 and 0x31, whose semantics differ in respect to the Length field, OR you have a single type and a flag.

Really I think you have two types (witness the IANA allocation: two, not one) and the characterization of the LSB as a flag is just a distraction, I would remove it. Clearly that doesn’t prevent an implementor from taking advantage of the structure if they want to, but I think it would clean up some awkwardness in the prose.

3. Further to that, in Section 4 you say,

              The DATAGRAM frame type takes the form 0b0011000X
  (or the values 0x30 and 0x31).

It took me an embarrassingly long time to recognize that the first form you list means “binary 0011000x, where x indicates ‘don’t care’”. I suppose maybe I was slow because we use hex notation all the time in our document set, and binary notation exceedingly seldom in my experience. Possibly I am the only person who will stumble on this. But possibly not. In any case if you were to clean up my “is it one type, or two” complaint by collapsing the waveform to “it’s two”, this problem would also go away.

4. In Section 5 you say,

  When a QUIC endpoint receives a valid DATAGRAM frame, it SHOULD
  deliver the data to the application immediately, as long as it is
  able to process the frame and can store the contents in memory.

Isn’t the final clause in the category of “well, duh”? I mean, is there a situation in which a QUIC endpoint is *not* able to process the frame or *not* able to store the contents in memory, but still might be expected to deliver the data to the application? Seems like that’d be a “no”.

I mean, the remark does no real harm, but why bother stating the obvious?
2022-02-01
08 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2022-02-01
08 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2022-01-31
08 Roman Danyliw [Ballot comment]
Thank you to Carl Wallace for the SECDIR review.
2022-01-31
08 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2022-01-31
08 Jürgen Schönwälder Request for Telechat review by OPSDIR Completed: Has Nits. Reviewer: Jürgen Schönwälder. Sent review to list.
2022-01-28
08 Benjamin Kaduk [Ballot comment]
Thanks for resolving my previous remarks!
2022-01-28
08 Benjamin Kaduk [Ballot Position Update] Position for Benjamin Kaduk has been changed to Yes from Discuss
2022-01-28
08 Benjamin Kaduk
[Ballot discuss]
Section 5 refers to a "max_packet_size" transport parameter but I do not
see that parameter defined in the registry or RFC 9000.
It seems that a transport parameter of that name was present in earlier
versions of draft-ietf-quic-transport, but got renamed to
max_udp_payload_size in the -28, so hopefully this is just a trivial
rename.
2022-01-28
08 Benjamin Kaduk
[Ballot comment]
I put some editorial suggestions (including the presumed resolution of the
DISCUSS) on github at https://github.com/quicwg/datagram/pull/76 .

Section 2

  *  QUIC uses a more nuanced loss recovery mechanism than the DTLS
      handshake, which has a basic packet loss retransmission timer.

This is true of DTLS 1.2 and prior versions, which technically is right
now the current version of DTLS.  However, it's not quite true of DTLS
1.3, which includes an explicit ACK message to supplement the
retransmission timer.  DTLS 1.3 stands a pretty decent chance of being
published as an RFC prior to this document (per ekr, it should have the
last technical changes from the WG finalized this weekend and then go into
the "real" AUTH48 state), so I think we ought to speak to the mechanisms
of DTLS 1.3 here.

Section 3

  For most uses of DATAGRAM frames, it is RECOMMENDED to send a value
  of 65535 in the max_datagram_frame_size transport parameter to
  indicate that this endpoint will accept any DATAGRAM frame that fits
  inside a QUIC packet.

It's interesting to compare this to the RFC 9000 max_udp_payload_size
default of 65527, the maximum permitted UDP payload.  Indeed, the QUIC
1-RTT packet header does not even contain a length field that would limit
the frame size.  So I'm not entirely sure what motivates the 65535 value
specifically.  (I do see the subsequent discussion about how there are
other factors, including max_packet_size/max_udp_payload_size, that can
further limit what is usable.)
2022-01-28
08 Benjamin Kaduk [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk
2022-01-28
08 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Jürgen Schönwälder
2022-01-28
08 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Jürgen Schönwälder
2022-01-26
08 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2022-01-26
08 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2022-01-25
08 Martin Duke [Ballot Position Update] New position, Yes, has been recorded for Martin Duke
2022-01-21
08 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2022-01-20
08 Meral Shirazipour Request for Last Call review by GENART Completed: Ready. Reviewer: Meral Shirazipour. Sent review to list.
2022-01-20
08 Jean Mahoney Request for Last Call review by GENART is assigned to Meral Shirazipour
2022-01-20
08 Jean Mahoney Request for Last Call review by GENART is assigned to Meral Shirazipour
2022-01-20
08 Jean Mahoney Assignment of request for Last Call review by GENART to Jouni Korhonen was withdrawn
2022-01-19
08 Bernie Volz Request for Telechat review by INTDIR is assigned to Charles Perkins
2022-01-19
08 Bernie Volz Request for Telechat review by INTDIR is assigned to Charles Perkins
2022-01-19
08 Éric Vyncke Requested Telechat review by INTDIR
2022-01-18
08 Cindy Morgan Placed on agenda for telechat - 2022-02-03
2022-01-18
08 Zaheduzzaman Sarker Ballot has been issued
2022-01-18
08 Zaheduzzaman Sarker [Ballot Position Update] New position, Yes, has been recorded for Zaheduzzaman Sarker
2022-01-18
08 Zaheduzzaman Sarker Created "Approve" ballot
2022-01-18
08 Zaheduzzaman Sarker IESG state changed to IESG Evaluation from Waiting for Writeup
2022-01-18
08 Zaheduzzaman Sarker Ballot writeup was changed
2022-01-14
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2022-01-14
08 David Schinazi New version available: draft-ietf-quic-datagram-08.txt
2022-01-14
08 (System) New version approved
2022-01-14
08 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2022-01-14
08 David Schinazi Uploaded new revision
2021-12-30
07 Barry Leiba Request for Last Call review by ARTART is assigned to Darrel Miller
2021-12-30
07 Barry Leiba Request for Last Call review by ARTART is assigned to Darrel Miller
2021-12-30
07 Barry Leiba Assignment of request for Last Call review by ARTART to Alex Gouaillard was marked no-response
2021-12-24
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2021-12-22
07 Carl Wallace Request for Last Call review by SECDIR Completed: Ready. Reviewer: Carl Wallace. Sent review to list.
2021-12-21
07 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2021-12-21
07 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-quic-datagram-07. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the QUIC Transport Parameters registry on the QUIC registry page located at:

https://www.iana.org/assignments/quic/

the following registration will be made permanent and its reference changed to [ RFC-to-be ]:

Value: 0x20
Parameter Name: max_datagram_frame_size
Status: permanent
Specification: [ RFC-to-be ]
Date: [ TBD-at-Registration ]
Change Controller: IETF
Contact: [QUIC_WG]

Second, in the QUIC Frame Types registry also on the QUIC registry page located at:

https://www.iana.org/assignments/quic/

two registrations will be made permanent and their references changed to [ RFC-to-be ]:

Value: 0x30
Frame Type Name: DATAGRAM
Status: permanent
Specification: [ RFC-to-be ]
Date: [ TBD-at-Registration ]
Change Controller: IETF
Contact: [QUIC_WG]

Value: 0x31
Frame Type Name: DATAGRAM
Status: permanent
Specification: [ RFC-to-be ]
Date: [ TBD-at-Registration ]
Change Controller: IETF
Contact: [QUIC_WG]

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Lead IANA Services Specialist
2021-12-16
07 Barry Leiba Request for Last Call review by ARTART is assigned to Alex Gouaillard
2021-12-16
07 Barry Leiba Request for Last Call review by ARTART is assigned to Alex Gouaillard
2021-12-16
07 Jean Mahoney Request for Last Call review by GENART is assigned to Jouni Korhonen
2021-12-16
07 Jean Mahoney Request for Last Call review by GENART is assigned to Jouni Korhonen
2021-12-13
07 Jürgen Schönwälder Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Jürgen Schönwälder. Sent review to list.
2021-12-12
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Jürgen Schönwälder
2021-12-12
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Jürgen Schönwälder
2021-12-11
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Carl Wallace
2021-12-11
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Carl Wallace
2021-12-10
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2021-12-10
07 Amy Vezza
The following Last Call announcement was sent out (ends 2021-12-24):

From: The IESG
To: IETF-Announce
CC: Zaheduzzaman.Sarker@ericsson.com, draft-ietf-quic-datagram@ietf.org, lucaspardue.24.7@gmail.com, quic-chairs@ietf.org, quic@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (An Unreliable Datagram Extension to QUIC) to Proposed Standard


The IESG has received a request from the QUIC WG (quic) to consider the
following document: - 'An Unreliable Datagram Extension to QUIC'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-12-24. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document defines an extension to the QUIC transport protocol to
  add support for sending and receiving unreliable datagrams over a
  QUIC connection.

Discussion Venues

  This note is to be removed before publishing as an RFC.

  Discussion of this document takes place on the QUIC Working Group
  mailing list (mailto:quic@ietf.org), which is archived at
  https://mailarchive.ietf.org/arch/browse/quic/.

  Source for this draft and an issue tracker can be found at
  https://github.com/quicwg/datagram.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-quic-datagram/



No IPR declarations have been submitted directly on this I-D.




2021-12-10
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2021-12-10
07 Zaheduzzaman Sarker Last call was requested
2021-12-10
07 Zaheduzzaman Sarker Last call announcement was generated
2021-12-10
07 Zaheduzzaman Sarker Ballot approval text was generated
2021-12-10
07 Zaheduzzaman Sarker Ballot writeup was generated
2021-12-10
07 Zaheduzzaman Sarker IESG state changed to Last Call Requested from AD Evaluation
2021-12-08
07 Tommy Pauly New version available: draft-ietf-quic-datagram-07.txt
2021-12-08
07 (System) New version approved
2021-12-08
07 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2021-12-08
07 Tommy Pauly Uploaded new revision
2021-11-24
06 (System) Changed action holders to Zaheduzzaman Sarker (IESG state changed)
2021-11-24
06 Zaheduzzaman Sarker IESG state changed to AD Evaluation from Publication Requested
2021-10-12
06 Lucas Pardue
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper type
of RFC? Is this type of RFC indicated in the title page header?

Proposed Standard. This is the proper type for a simple extension to QUIC.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

The draft defines a simple extension to the QUIC transport (RFC 9000), using the
well-defined extension mechanisms. It registers a new DATAGRAM frame type for
unreliable application data and clearly describes how the frame transmission and
reception operates within the loss recovery and detection framework of QUIC.

Working Group Summary:

There are two notable points but clear WG consensus was established through the
development and last call.

The first point is about datagram demultiplexing identifiers. Prior to WG
adoption of this document, earlier drafts included a demultiplexing field in the
DATAGRAM frame. Discussion of the document before adoption led to the field
being removed and the definition of such a field delegated to applications using
datagrams. The topic came up again during the WG activity and we were able to
reach clear consensus to continue delegating the field to applications. In
future, with deployment experience, we may discover patterns of identifiers that
could be incorporated into the transport layer. There was consensus to not block
progress on this draft in order to wait for such experience.

The second point is about DATAGRAM ack-elicitation. Near the time the document
was ready for WGLC, a use case was identified for delaying acknowledgement of
DATAGRAMs. There was some rigorous discussion on this topic, with several
proposals for design change to the datagram specification. In opposition of such
design changes were concerns over unintended consequences to congestion control.
WG discussion identified other ways in which the use case might be addressed,
which harnessed the extensibility mechanisms of the QUIC protocol. Given the
broad range of possible technical solutions, the chairs sought clarity about
whether the group believed the use case needed to be solved in the scope of this
document. A consensus call was issued and the responses established clear
consensus to not work it.

Document Quality:

There are several implementations of the datagram extension and several
interoperable deployments of the datagram extension deployed on the Internet.
This extension provides an unreliable data transport feature that application
protocols can build upon. Within the IETF, the MASQUE and WebTrans WGs have
adopted documents to define such application uses. Other members of the
community are also interested in using this extension.

No special review has been required.

Personnel:

Lucas Pardue is the document shepherd. Zahed Sarker is the AD.

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for publication,
please explain why the document is being forwarded to the IESG.

I have reviewed this document thoroughly and implemented the extension. The
scope of the extension is focused and is straightforward to implement for any
person familiar with QUIC.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

None. The datagram document has been developed alongside the QUIC core protocol
and has benefitted from relevant and up-to-date review expertise within the WG
and community.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

No special review is required.

(6) Describe any specific concerns or issues that the Document Shepherd has with
this document that the Responsible Area Director and/or the IESG should be aware
of? For example, perhaps he or she is uncomfortable with certain parts of the
document, or has concerns whether there really is a need for it. In any event,
if the WG has discussed those issues and has indicated that it still wishes to
advance the document, detail those concerns here.

No specific concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed. If not, explain why?

Yes. There are no IPR disclosures for this document.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

There are no IPR disclosures for this document.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

The extension defined in this document has been implemented and deployed by a
wide range of vendors. The notable points described in answer (2) were resolved
within the working group with clear consensus before WGLC. During WGLC only
a handful of editorial issues were raised.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to the
Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See
http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

No nits.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either
normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure.

No.

(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document. Confirm
that all protocol extensions that the document makes are associated with the
appropriate reservations in IANA registries. Confirm that any referenced IANA
registries have been clearly identified. Confirm that newly created IANA
registries include a detailed specification of the initial contents for the
registry, that allocations procedures for future registrations are defined, and
a reasonable name for the new registry has been suggested (see RFC 8126).

This document registers a new Transport Parameter. This is a permanent
registration in the range 0x00-0x3f, which requires Standards Action or IESG
approval.

This document registers two new QUIC frame types. This is a permanent
registration in the range 0x00-0x3f, which requires Standards Action or IESG
approval.

The registrations conform to the registration requirements of IANA.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.

N/A

(19) Describe reviews and automated checks performed by the Document Shepherd to
validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

N/A

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342?

N/A

2021-10-12
06 Lucas Pardue Responsible AD changed to Zaheduzzaman Sarker
2021-10-12
06 Lucas Pardue IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2021-10-12
06 Lucas Pardue IESG state changed to Publication Requested from I-D Exists
2021-10-12
06 Lucas Pardue IESG process started in state Publication Requested
2021-10-12
06 Lucas Pardue Tag Doc Shepherd Follow-up Underway cleared.
2021-10-12
06 Lucas Pardue
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper type
of RFC? Is this type of RFC indicated in the title page header?

Proposed Standard. This is the proper type for a simple extension to QUIC.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

The draft defines a simple extension to the QUIC transport (RFC 9000), using the
well-defined extension mechanisms. It registers a new DATAGRAM frame type for
unreliable application data and clearly describes how the frame transmission and
reception operates within the loss recovery and detection framework of QUIC.

Working Group Summary:

There are two notable points but clear WG consensus was established through the
development and last call.

The first point is about datagram demultiplexing identifiers. Prior to WG
adoption of this document, earlier drafts included a demultiplexing field in the
DATAGRAM frame. Discussion of the document before adoption led to the field
being removed and the definition of such a field delegated to applications using
datagrams. The topic came up again during the WG activity and we were able to
reach clear consensus to continue delegating the field to applications. In
future, with deployment experience, we may discover patterns of identifiers that
could be incorporated into the transport layer. There was consensus to not block
progress on this draft in order to wait for such experience.

The second point is about DATAGRAM ack-elicitation. Near the time the document
was ready for WGLC, a use case was identified for delaying acknowledgement of
DATAGRAMs. There was some rigorous discussion on this topic, with several
proposals for design change to the datagram specification. In opposition of such
design changes were concerns over unintended consequences to congestion control.
WG discussion identified other ways in which the use case might be addressed,
which harnessed the extensibility mechanisms of the QUIC protocol. Given the
broad range of possible technical solutions, the chairs sought clarity about
whether the group believed the use case needed to be solved in the scope of this
document. A consensus call was issued and the responses established clear
consensus to not work it.

Document Quality:

There are several implementations of the datagram extension and several
interoperable deployments of the datagram extension deployed on the Internet.
This extension provides an unreliable data transport feature that application
protocols can build upon. Within the IETF, the MASQUE and WebTrans WGs have
adopted documents to define such application uses. Other members of the
community are also interested in using this extension.

No special review has been required.

Personnel:

Lucas Pardue is the document shepherd. Zahed Sarker is the AD.

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for publication,
please explain why the document is being forwarded to the IESG.

I have reviewed this document thoroughly and implemented the extension. The
scope of the extension is focused and is straightforward to implement for any
person familiar with QUIC.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

None. The datagram document has been developed alongside the QUIC core protocol
and has benefitted from relevant and up-to-date review expertise within the WG
and community.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

No special review is required.

(6) Describe any specific concerns or issues that the Document Shepherd has with
this document that the Responsible Area Director and/or the IESG should be aware
of? For example, perhaps he or she is uncomfortable with certain parts of the
document, or has concerns whether there really is a need for it. In any event,
if the WG has discussed those issues and has indicated that it still wishes to
advance the document, detail those concerns here.

No specific concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed. If not, explain why?

Yes. There are no IPR disclosures for this document.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

There are no IPR disclosures for this document.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

The extension defined in this document has been implemented and deployed by a
wide range of vendors. The notable points described in answer (2) were resolved
within the working group with clear consensus before WGLC. During WGLC only
a handful of editorial issues were raised.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to the
Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See
http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

No nits.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either
normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure.

No.

(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document. Confirm
that all protocol extensions that the document makes are associated with the
appropriate reservations in IANA registries. Confirm that any referenced IANA
registries have been clearly identified. Confirm that newly created IANA
registries include a detailed specification of the initial contents for the
registry, that allocations procedures for future registrations are defined, and
a reasonable name for the new registry has been suggested (see RFC 8126).

This document registers a new Transport Parameter. This is a permanent
registration in the range 0x00-0x3f, which requires Standards Action or IESG
approval.

This document registers two new QUIC frame types. This is a permanent
registration in the range 0x00-0x3f, which requires Standards Action or IESG
approval.

The registrations conform to the registration requirements of IANA.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.

N/A

(19) Describe reviews and automated checks performed by the Document Shepherd to
validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

N/A

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342?

N/A

2021-10-05
06 Tommy Pauly New version available: draft-ietf-quic-datagram-06.txt
2021-10-05
06 (System) New version approved
2021-10-05
06 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2021-10-05
06 Tommy Pauly Uploaded new revision
2021-10-04
05 Lucas Pardue Tag Doc Shepherd Follow-up Underway set.
2021-10-04
05 Lucas Pardue IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2021-10-04
05 Lucas Pardue Notification list changed to lucaspardue.24.7@gmail.com because the document shepherd was set
2021-10-04
05 Lucas Pardue Document shepherd changed to Lucas Pardue
2021-10-01
05 Tommy Pauly New version available: draft-ietf-quic-datagram-05.txt
2021-10-01
05 (System) New version approved
2021-10-01
05 (System) Request for posting confirmation emailed to previous authors: David Schinazi, Eric Kinnear, Tommy Pauly
2021-10-01
05 Tommy Pauly Uploaded new revision
2021-09-16
04 Lucas Pardue IETF WG state changed to In WG Last Call from WG Document
2021-09-08
04 Tommy Pauly New version available: draft-ietf-quic-datagram-04.txt
2021-09-08
04 (System) New version accepted (logged-in submitter: Tommy Pauly)
2021-09-08
04 Tommy Pauly Uploaded new revision
2021-07-12
03 Tommy Pauly New version available: draft-ietf-quic-datagram-03.txt
2021-07-12
03 (System) New version accepted (logged-in submitter: Tommy Pauly)
2021-07-12
03 Tommy Pauly Uploaded new revision
2021-02-16
02 Tommy Pauly New version available: draft-ietf-quic-datagram-02.txt
2021-02-16
02 (System) New version accepted (logged-in submitter: Tommy Pauly)
2021-02-16
02 Tommy Pauly Uploaded new revision
2020-08-24
01 Tommy Pauly New version available: draft-ietf-quic-datagram-01.txt
2020-08-24
01 (System) New version accepted (logged-in submitter: Tommy Pauly)
2020-08-24
01 Tommy Pauly Uploaded new revision
2020-03-09
00 Lars Eggert Changed consensus to Yes from Unknown
2020-03-09
00 Lars Eggert Intended Status changed to Proposed Standard from None
2020-02-26
00 David Schinazi This document now replaces draft-pauly-quic-datagram instead of None
2020-02-26
00 David Schinazi New version available: draft-ietf-quic-datagram-00.txt
2020-02-26
00 (System) New version accepted (logged-in submitter: David Schinazi)
2020-02-26
00 David Schinazi Uploaded new revision