An Unreliable Datagram Extension to QUIC
draft-ietf-quic-datagram-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2022-03-28
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2022-03-21
|
10 | (System) | RFC Editor state changed to AUTH48 |
2022-02-10
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2022-02-08
|
10 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2022-02-08
|
10 | Éric Vyncke | Request closed, assignment withdrawn: Charles Perkins Telechat INTDIR review |
2022-02-08
|
10 | Éric Vyncke | Closed request for Telechat review by INTDIR with state 'Withdrawn': Telechat deadline has passed... The document has been approved by the IESG. Please next time, … Closed request for Telechat review by INTDIR with state 'Withdrawn': Telechat deadline has passed... The document has been approved by the IESG. Please next time, be explicit and refuse to review the document. Thank you. -éric |
2022-02-07
|
10 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2022-02-07
|
10 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2022-02-07
|
10 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2022-02-07
|
10 | (System) | RFC Editor state changed to EDIT |
2022-02-07
|
10 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2022-02-07
|
10 | (System) | Announcement was received by RFC Editor |
2022-02-07
|
10 | (System) | IANA Action state changed to In Progress |
2022-02-07
|
10 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2022-02-07
|
10 | Cindy Morgan | IESG has approved the document |
2022-02-07
|
10 | Cindy Morgan | Closed "Approve" ballot |
2022-02-07
|
10 | Cindy Morgan | Ballot approval text was generated |
2022-02-07
|
10 | Zaheduzzaman Sarker | IESG state changed to Approved-announcement to be sent from Approved-announcement sent |
2022-02-07
|
10 | Zaheduzzaman Sarker | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2022-02-06
|
10 | Barry Leiba | Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing |
2022-02-06
|
10 | Barry Leiba | Assignment of request for Last Call review by ARTART to Darrel Miller was marked no-response |
2022-02-04
|
10 | David Schinazi | New version available: draft-ietf-quic-datagram-10.txt |
2022-02-04
|
10 | (System) | New version approved |
2022-02-04
|
10 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2022-02-04
|
10 | David Schinazi | Uploaded new revision |
2022-02-03
|
09 | (System) | Removed all action holders (IESG state changed) |
2022-02-03
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2022-02-03
|
09 | Tommy Pauly | New version available: draft-ietf-quic-datagram-09.txt |
2022-02-03
|
09 | (System) | New version approved |
2022-02-03
|
09 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2022-02-03
|
09 | Tommy Pauly | Uploaded new revision |
2022-02-03
|
08 | (System) | Changed action holders to Tommy Pauly, David Schinazi, Eric Kinnear (IESG state changed) |
2022-02-03
|
08 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2022-02-03
|
08 | Lars Eggert | [Ballot comment] Section 5.2. , paragraph 5, comment: > If a sender detects that a packet containing a specific DATAGRAM > frame might … [Ballot comment] Section 5.2. , paragraph 5, comment: > If a sender detects that a packet containing a specific DATAGRAM > frame might have been lost, the implementation MAY notify the > application that it believes the datagram was lost. > > Similarly, if a packet containing a DATAGRAM frame is acknowledged, > the implementation MAY notify the sender application that the > datagram was successfully transmitted and received. Due to Being able to emit these notifications seem to depend on structuring the API between the implementation and the application so that not only opaque datagram blobs are exchanged, but that they are also associated with some sort of identifier? Thanks to Meral Shirazipour for their General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/7_tXP9y1m0RYcb-8k6P8IbyTMGc). ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. "Table of Contents", paragraph 2, nit: > . . . . . . . . . . . . 9 8. Acknowledgments . . . . . . . . . . . . . . . . > ^^^^^^^^^^^^^^^ Do not mix variants of the same word ("acknowledgment" and "acknowledgement") within a single text. "Table of Contents", paragraph 2, nit: > s, and each frame type defines whether or not the data it contains will be r > ^^^^^^^^^^^^^^ Consider shortening this phrase to just "whether". It is correct though if you mean "regardless of whether". |
2022-02-03
|
08 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert |
2022-02-03
|
08 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2022-02-02
|
08 | Warren Kumari | [Ballot comment] Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams … [Ballot comment] Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams are not just QUIC carrying UDP. The document says: "In the past, these applications have built directly upon UDP [RFC0768] as a transport, and have often added security with DTLS [RFC6347]. Extending QUIC to support transmitting unreliable application data provides another option for secure datagrams, with the added benefit of sharing the cryptographic and authentication context used for reliable streams." Even though I knew that this isn't just tunneling UDP over QUIC, the above description and use of the term "datagram" (which has become synonymous with UDP) keeps making me forget that. I don't have any suggested text, but something like a "Note: This is a QUIC transport to carry unreliable data natively, and does not encapsulate UDP packets" or something. Also, much thanks to Jürgen Schönwälder for his OpsDir review of -07, and the authors for addressing the comments. I wanted to confirm that the authors had seen that Jürgen followed up with an additional review of -08 (much thanks Jürgen!) at https://datatracker.ietf.org/doc/review-ietf-quic-datagram-08-opsdir-telechat-schoenwaelder-2022-01-31/ |
2022-02-02
|
08 | Warren Kumari | Ballot comment text updated for Warren Kumari |
2022-02-02
|
08 | Warren Kumari | [Ballot comment] Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams … [Ballot comment] Something that would make this document *much* more understandable, especially for those of us who are not so bright, is that QUIC datagrams are not just QUIC carrying UDP. The document says: "In the past, these applications have built directly upon UDP [RFC0768] as a transport, and have often added security with DTLS [RFC6347]. Extending QUIC to support transmitting unreliable application data provides another option for secure datagrams, with the added benefit of sharing the cryptographic and authentication context used for reliable streams." Even though I knew that this isn't just tunneling UDP over QUIC, the above description and use of the term "datagram" (which has become synonymous with UDP) keeps making me forget that. I don't have any suggested text, but something like a "Note: This is a QUIC transport to carry unreliable data natively, and does not encapsulate UDP packets" or something. Also, much thanks to Jürgen Schönwälder for his OpsDir review of -07, and the authors for addressing the comments. I wanted to confirm that the authors had seen that Jürgen followed up with an additional review of -08 (thanks Jürgen!) at https://datatracker.ietf.org/doc/review-ietf-quic-datagram-08-opsdir-telechat-schoenwaelder-2022-01-31/ |
2022-02-02
|
08 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2022-02-02
|
08 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2022-02-02
|
08 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. It can indeed be very useful notably for the VPN case. Please find below … [Ballot comment] Thank you for the work put into this document. It can indeed be very useful notably for the VPN case. Please find below some blocking DISCUSS points (probably easy to address), some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. Special thanks to Lucas Pardue for the shepherd's write-up including the section about the WG consensus even if I had appreciated a justification for the PS status rather than an assertion. I hope that this helps to improve the document, Regards, -éric ## Section 3 Does it make any sense to have max_datagram_frame_size <= 20 ? (IPv4 header size) ## Section 4 The first paragraph with the binary notation is not easy to parse. I really prefer the first paragraph of section 19.3 of RFC 9000. ## Section 5.1 I find the following text hard contradicting the first paragraph of section 5: QUIC implementations SHOULD present an API to applications to assign relative priorities to DATAGRAM frames with respect to each other and to QUIC streams. |
2022-02-02
|
08 | Éric Vyncke | [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke |
2022-02-01
|
08 | Murray Kucherawy | [Ballot comment] Section 3: * "... transport parameter greater or equal to ..." -- s/greater/greater than/ (two instances) Section 4: * I also tripped on … [Ballot comment] Section 3: * "... transport parameter greater or equal to ..." -- s/greater/greater than/ (two instances) Section 4: * I also tripped on the thing John pointed out. Section 5: * I don't understand the two SHOULDs in this section. When/why would you ever do otherwise? |
2022-02-01
|
08 | Murray Kucherawy | Ballot comment text updated for Murray Kucherawy |
2022-02-01
|
08 | Murray Kucherawy | [Ballot comment] Section 3: * "... transport parameter greater or equal to ..." -- s/greater/greater than/ (two instances) Section 5: * I don't understand the … [Ballot comment] Section 3: * "... transport parameter greater or equal to ..." -- s/greater/greater than/ (two instances) Section 5: * I don't understand the two SHOULDs in this section. When/why would you ever do otherwise? |
2022-02-01
|
08 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2022-02-01
|
08 | John Scudder | [Ballot comment] As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have … [Ballot comment] As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have a few questions that (in the best case) might reveal lacunae that experts overlooked but which trip up a neophyte, or (in the worst case) only my own ignorance. 1. In the Motivation section you write, * Applications that open both a reliable TLS stream and an unreliable DTLS flow to the same peer can benefit by sharing a single handshake and authentication context between a reliable QUIC stream and flow of unreliable QUIC datagrams. This can reduce the latency required for handshakes. This threw me off, considering that in the previous section (Introduction) you point to UDP/DTLS as a prior way of providing a similar service. In the quotation above it seems as though you’re using them synonymously… or something. TBH, I just don’t follow what the quoted text is getting at. :-( I do get (in a general way) that QUIC makes use of (parts of?) TLS, but that doesn’t allow me to make sense of it. 2. You’re inconsistent about whether DATAGRAM frames have a type, singular, or types, plural. Plural seems right to me, but read on. In §3, you refer to “the DATAGRAM frame types”, plural. But then in §4 you say that the LSB of “the DATAGRAM frame type” (singular) “is the LEN bit”. Seems to me you should make up your mind: either you have two types, 0x30 and 0x31, whose semantics differ with respect to the Length field, OR you have a single type and a flag. Really I think you have two types (witness the IANA allocation: two, not one) and the characterization of the LSB as a flag is just a distraction, I would remove it. Clearly that doesn’t prevent an implementor from taking advantage of the structure if they want to, but I think it would clean up some awkwardness in the prose. 3. Further to that, in Section 4 you say, The DATAGRAM frame type takes the form 0b0011000X (or the values 0x30 and 0x31). It took me an embarrassingly long time to recognize that the first form you list means “binary 0011000x, where x indicates ‘don’t care’”. I suppose maybe I was slow because we use hex notation all the time in our document set, and binary notation exceedingly seldom in my experience. Possibly I am the only person who will stumble on this. But possibly not. In any case if you were to clean up my “is it one type, or two” complaint by collapsing the waveform to “it’s two”, this problem would also go away. 4. In Section 5 you say, When a QUIC endpoint receives a valid DATAGRAM frame, it SHOULD deliver the data to the application immediately, as long as it is able to process the frame and can store the contents in memory. Isn’t the final clause in the category of “well, duh”? I mean, is there a situation in which a QUIC endpoint is *not* able to process the frame or *not* able to store the contents in memory, but still might be expected to deliver the data to the application? Seems like that’d be a “no”. I mean, the remark does no real harm, but why bother stating the obvious? |
2022-02-01
|
08 | John Scudder | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 … 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 8.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 72 8.2. YANG Module Names Registry . . . . . . . . . . . . . . . 72 8.3. BRSKI well-known considerations . . . . . . . . . . . . . 72 8.3.1. BRSKI .well-known registration . . . . . . . . . . . 72 8.3.2. BRSKI .well-known registry . . . . . . . . . . . . . 73 8.4. PKIX Registry . . . . . . . . . . . . . . . . . . . . . . 73 8.5. Pledge BRSKI Status Telemetry . . . . . . . . . . . . . . 73 8.6. DNS Service Names . . . . . . . . . . . . . . . . . . . . 74 9. Applicability to the Autonomic Control Plane (ACP) . . . . . 74 9.1. Operational Requirements . . . . . . . . . . . . . . . . 75 9.1.1. MASA Operational Requirements . . . . . . . . . . . . 76 9.1.2. Domain Owner Operational Requirements . . . . . . . . 76 9.1.3. Device Operational Requirements . . . . . . . . . . . 77 10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 78 10.1. MASA audit log . . . . . . . . . . . . . . . . . . . . . 78 10.2. What BRSKI-EST reveals . . . . . . . . . . . . . . . . . 78 10.3. What BRSKI-MASA reveals to the manufacturer . . . . . . 79 10.4. Manufacturers and Used or Stolen Equipment . . . . . . . 81 10.5. Manufacturers and Grey market equipment . . . . . . . . 82 10.6. Some mitigations for meddling by manufacturers . . . . . 83 10.7. Death of a manufacturer . . . . . . . . . . . . . . . . 84 11. Security Considerations . . . . . . . . . . . . . . . . . . . 85 11.1. Denial of Service (DoS) against MASA . . . . . . . . . . 85 11.2. DomainID must be resistant to second-preimage attacks . 86 11.3. Availability of good random numbers . . . . . . . . . . 86 11.4. Freshness in Voucher-Requests . . . . . . . . . . . . . 87 11.5. Trusting manufacturers . . . . . . . . . . . . . . . . . 88 11.6. Manufacturer Maintenance of trust anchors . . . . . . . 89 11.6.1. Compromise of Manufacturer IDevID signing keys . . . 90 11.6.2. Compromise of MASA signing keys . . . . . . . . . . 91 11.6.3. Compromise of MASA web service . . . . . . . . . . . 93 11.7. YANG Module Security Considerations . . . . . . . . . . 94 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 94 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 94 13.1. Normative References . . . . . . . . . . . . . . . . . . 94 13.2. Informative References . . . . . . . . . . . . . . . . . 98 Appendix A. IPv4 and non-ANI operations . . . . . . . . . . . . 102 A.1. IPv4 Link Local addresses . . . . . . . . . . . . . . . . 102 A.2. Use of DHCPv4 . . . . . . . . . . . . . . . . . . . . . . 102 Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 102 Appendix C. Example Vouchers . . . . . . . . . . . . . . . . . . 103 C.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 103 C.1.1. Manufacturer Certificate Authority for IDevID signatures . . . . . . . . . . . . . . . . . . . . . 104 C.1.2. MASA key pair for voucher signatures . . . . . . . . 105 C.1.3. Registrar Certificate Authority . . . . . . . . . . . 107 C.1.4. Registrar key pair . . . . . . . . . . . . . . . . . 108 Pritikin, et al. Expires 25 March 2021 [Page 4] Internet-Draft BRSKI September 2020 C.1.5. Pledge key pair . . . . . . . . . . . . . . . . . . . 110 C.2. Example process . . . . . . . . . . . . . . . . . . . . . 111 C.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 111 C.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 115 C.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 121 Appendix D. Additional References . . . . . . . . . . . . . . . 125 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 125 1. Introduction The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol provides a solution for secure zero-touch (automated) bootstrap of new (unconfigured) devices that are called pledges in this document. Pledges have an IDevID installed in them at the factory. "BRSKI" is pronounced like "brewski", a colloquial term for beer in Canada and parts of the US-midwest. [brewski] This document primarily provides for the needs of the ISP and Enterprise focused ANIMA Autonomic Control Plane (ACP) [I-D.ietf-anima-autonomic-control-plane]. This bootstrap process satisfies the [RFC7575] requirements of section 3.3 of making all operations secure by default. Other users of the BRSKI protocol will need to provide separate applicability statements that include privacy and security considerations appropriate to that deployment. Section 9 explains the detailed applicability for this the ACP usage. The BRSKI protocol requires a significant amount of communication between manufacturer and owner: in its default modes it provides a cryptographic transfer of control to the initial owner. In its strongest modes, it leverages sales channel information to identify the owner in advance. Resale of devices is possible, provided that the manufacturer is willing to authorize the transfer. Mechanisms to enable transfers of ownership without manufacturer authorization are not included in this version of the protocol, but could be designed into future versions. This document describes how pledges discover (or are discovered by) an element of the network domain to which the pledge belongs that will perform the bootstrap. This element (device) is called the registrar. Before any other operation, pledge and registrar need to establish mutual trust: 1. Registrar authenticating the pledge: "Who is this device? What is its identity?" 2. Registrar authorizing the pledge: "Is it mine? Do I want it? What are the chances it has been compromised?" Pritikin, et al. Expires 25 March 2021 [Page 5] Internet-Draft BRSKI September 2020 3. Pledge authenticating the registrar: "What is this registrar's identity?" 4. Pledge authorizing the registrar: "Should I join this network?" This document details protocols and messages to answer the above questions. It uses a TLS connection and an PKIX-shaped (X.509v3) certificate (an IEEE 802.1AR [IDevID] IDevID) of the pledge to answer points 1 and 2. It uses a new artifact called a "voucher" that the registrar receives from a "Manufacturer Authorized Signing Authority" (MASA) and passes to the pledge to answer points 3 and 4. A proxy provides very limited connectivity between the pledge and the registrar. The syntactic details of vouchers are described in detail in [RFC8366]. This document details automated protocol mechanisms to obtain vouchers, including the definition of a 'voucher-request' message that is a minor extension to the voucher format (see Section 3) defined by [RFC8366]. BRSKI results in the pledge storing an X.509 root certificate sufficient for verifying the registrar identity. In the process a TLS connection is established that can be directly used for Enrollment over Secure Transport (EST). In effect BRSKI provides an automated mechanism for the "Bootstrap Distribution of CA Certificates" described in [RFC7030] Section 4.1.1 wherein the pledge "MUST [...] engage a human user to authorize the CA certificate using out-of-band" information. With BRSKI the pledge now can automate this process using the voucher. Integration with a complete EST enrollment is optional but trivial. BRSKI is agile enough to support bootstrapping alternative key infrastructures, such as a symmetric key solutions, but no such system is described in this document. 1.1. Prior Bootstrapping Approaches To literally "pull yourself up by the bootstraps" is an impossible action. Similarly the secure establishment of a key infrastructure without external help is also an impossibility. Today it is commonly accepted that the initial connections between nodes are insecure, until key distribution is complete, or that domain-specific keying material (often pre-shared keys, including mechanisms like SIM cards) is pre-provisioned on each new device in a costly and non-scalable manner. Existing automated mechanisms are known as non-secured 'Trust on First Use' (TOFU) [RFC7435], 'resurrecting duckling' [Stajano99theresurrecting] or 'pre-staging'. Pritikin, et al. Expires 25 March 2021 [Page 6] Internet-Draft BRSKI September 2020 Another prior approach has been to try and minimize user actions during bootstrapping, but not eliminate all user-actions. The original EST protocol [RFC7030] does reduce user actions during bootstrap but does not provide solutions for how the following protocol steps can be made autonomic (not involving user actions): * using the Implicit Trust Anchor [RFC7030] database to authenticate an owner specific service (not an autonomic solution because the URL must be securely distributed), * engaging a human user to authorize the CA certificate using out- of-band data (not an autonomic solution because the human user is involved), * using a configured Explicit TA database (not an autonomic solution because the distribution of an explicit TA database is not autonomic), * and using a Certificate-Less TLS mutual authentication method (not an autonomic solution because the distribution of symmetric key material is not autonomic). These "touch" methods do not meet the requirements for zero-touch. There are "call home" technologies where the pledge first establishes a connection to a well known manufacturer service using a common client-server authentication model. After mutual authentication, appropriate credentials to authenticate the target domain are transferred to the pledge. This creates several problems and limitations: * the pledge requires realtime connectivity to the manufacturer service, * the domain identity is exposed to the manufacturer service (this is a privacy concern), * the manufacturer is responsible for making the authorization decisions (this is a liability concern), BRSKI addresses these issues by defining extensions to the EST protocol for the automated distribution of vouchers. Pritikin, et al. Expires 25 March 2021 [Page 7] Internet-Draft BRSKI September 2020 1.2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. The following terms are defined for clarity: ANI: The Autonomic Network Infrastructure as defined by [I-D.ietf-anima-reference-model]. Section 9 details specific requirements for pledges, proxies and registrars when they are part of an ANI. Circuit Proxy: A stateful implementation of the join proxy. This is the assumed type of proxy. drop-ship: The physical distribution of equipment containing the "factory default" configuration to a final destination. In zero- touch scenarios there is no staging or pre-configuration during drop-ship. Domain: The set of entities that share a common local trust anchor. This includes the proxy, registrar, Domain Certificate Authority, Management components and any existing entity that is already a member of the domain. domainID: The domain IDentity is a unique value based upon the Registrar CA's certificate. Section 5.8.2 specifies how it is calculated. Domain CA: The domain Certification Authority (CA) provides certification functionalities to the domain. At a minimum it provides certification functionalities to a registrar and manages the private key that defines the domain. Optionally, it certifies all elements. enrollment: The process where a device presents key material to a network and acquires a network-specific identity. For example when a certificate signing request is presented to a certification authority and a certificate is obtained in response. imprint: The process where a device obtains the cryptographic key material to identify and trust future interactions with a network. This term is taken from Konrad Lorenz's work in biology with new ducklings: during a critical period, the duckling would assume that anything that looks like a mother duck is in fact their Pritikin, et al. Expires 25 March 2021 [Page 8] Internet-Draft BRSKI September 2020 mother. An equivalent for a device is to obtain the fingerprint of the network's root certification authority certificate. A device that imprints on an attacker suffers a similar fate to a duckling that imprints on a hungry wolf. Securely imprinting is a primary focus of this document [imprinting]. The analogy to Lorenz's work was first noted in [Stajano99theresurrecting]. IDevID: An Initial Device Identity X.509 certificate installed by the vendor on new equipment. This is a term from 802.1AR [IDevID] IPIP Proxy: A stateless proxy alternative. Join Proxy: A domain entity that helps the pledge join the domain. A join proxy facilitates communication for devices that find themselves in an environment where they are not provided connectivity until after they are validated as members of the domain. For simplicity this document sometimes uses the term of 'proxy' to indicate the join proxy. The pledge is unaware that they are communicating with a proxy rather than directly with a registrar. Join Registrar (and Coordinator): A representative of the domain that is configured, perhaps autonomically, to decide whether a new device is allowed to join the domain. The administrator of the domain interfaces with a "join registrar (and coordinator)" to control this process. Typically a join registrar is "inside" its domain. For simplicity this document often refers to this as just "registrar". Within [I-D.ietf-anima-reference-model] this is referred to as the "join registrar autonomic service agent". Other communities use the abbreviation "JRC". LDevID: A Local Device Identity X.509 certificate installed by the owner of the equipment. This is a term from 802.1AR [IDevID] manufacturer: the term manufacturer is used throughout this document to be the entity that created the device. This is typically the "original equipment manufacturer" or OEM, but in more complex situations it could be a "value added retailer" (VAR), or possibly even a systems integrator. In general, it a goal of BRSKI to eliminate small distinctions between different sales channels. The reason for this is that it permits a single device, with a uniform firmware load, to be shipped directly to all customers. This eliminates costs for the manufacturer. This also reduces the number of products supported in the field increasing the chance that firmware will be more up to date. MASA Audit-Log: An anonymized list of previous owners maintained by Pritikin, et al. Expires 25 March 2021 [Page 9] Internet-Draft BRSKI September 2020 the MASA on a per device (per pledge) basis. Described in Section 5.8.1. MASA Service: A third-party Manufacturer Authorized Signing Authority (MASA) service on the global Internet. The MASA signs vouchers. It also provides a repository for audit-log information of privacy protected bootstrapping events. It does not track ownership. nonced: a voucher (or request) that contains a nonce (the normal case). nonceless: a voucher (or request) that does not contain a nonce, relying upon accurate clocks for expiration, or which does not expire. offline: When an architectural component cannot perform realtime communications with a peer, either due to network connectivity or because the peer is turned off, the operation is said to be occurring offline. Ownership Tracker: An Ownership Tracker service on the global Internet. The Ownership Tracker uses business processes to accurately track ownership of all devices shipped against domains that have purchased them. Although optional, this component allows vendors to provide additional value in cases where their sales and distribution channels allow for accurate tracking of such ownership. Ownership tracking information is indicated in vouchers as described in [RFC8366] Pledge: The prospective (unconfigured) device, which has an identity installed at the factory. (Public) Key Infrastructure: The collection of systems and processes that sustain the activities of a public key system. The registrar acts as an [RFC5280] and [RFC5272] (see section 7) "Registration Authority". TOFU: Trust on First Use. Used similarly to [RFC7435]. This is where a pledge device makes no security decisions but rather simply trusts the first registrar it is contacted by. This is also known as the "resurrecting duckling" model. Voucher: A signed artifact from the MASA that indicates to a pledge the cryptographic identity of the registrar it should trust. There are different types of vouchers depending on how that trust is asserted. Multiple voucher types are defined in [RFC8366] Pritikin, et al. Expires 25 March 2021 [Page 10] Internet-Draft BRSKI September 2020 1.3. Scope of solution 1.3.1. Support environment This solution (BRSKI) can support large router platforms with multi- gigabit inter-connections, mounted in controlled access data centers. But this solution is not exclusive to large equipment: it is intended to scale to thousands of devices located in hostile environments, such as ISP provided CPE devices which are drop-shipped to the end user. The situation where an order is fulfilled from distributed warehouse from a common stock and shipped directly to the target location at the request of a domain owner is explicitly supported. That stock ("SKU") could be provided to a number of potential domain owners, and the eventual domain owner will not know a-priori which device will go to which location. The bootstrapping process can take minutes to complete depending on the network infrastructure and device processing speed. The network communication itself is not optimized for speed; for privacy reasons, the discovery process allows for the pledge to avoid announcing its presence through broadcasting. Nomadic or mobile devices often need to acquire credentials to access the network at the new location. An example of this is mobile phone roaming among network operators, or even between cell towers. This is usually called handoff. BRSKI does not provide a low-latency handoff which is usually a requirement in such situations. For these solutions BRSKI can be used to create a relationship (an LDevID) with the "home&Ballot comment text updated for John Scudder |
2022-02-01
|
08 | John Scudder | [Ballot comment] As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have … [Ballot comment] As a rank QUIC neophyte my ability to offer serious technical review of this document is limited at best. However I do have a few questions that (in the best case) might reveal lacunae that experts overlooked but which trip up a neophyte, or (in the worst case) only my own ignorance. 1. In the Motivation section you write, * Applications that open both a reliable TLS stream and an unreliable DTLS flow to the same peer can benefit by sharing a single handshake and authentication context between a reliable QUIC stream and flow of unreliable QUIC datagrams. This can reduce the latency required for handshakes. This threw me off, considering that in the previous section (Introduction) you point to UDP/DTLS as a prior way of providing a similar service. In the quotation above it seems as though you’re using them synonymously… or something. TBH, I just don’t follow what the quoted text is getting at. :-( I do get (in a general way) that QUIC makes use of (parts of?) TLS, but that doesn’t allow me to make sense of it. 2. You’re inconsistent about whether DATAGRAM frames have a type, singular, or types, plural. Plural seems right to me, but read on. In §3, you refer to “the DATAGRAM frame types”, plural. But then in §4 you say that the LSB of “the DATAGRAM frame type” (singular) “is the LEN bit”. Seems to me you should make up your mind: either you have two types, 0x30 and 0x31, whose semantics differ in respect to the Length field, OR you have a single type and a flag. Really I think you have two types (witness the IANA allocation: two, not one) and the characterization of the LSB as a flag is just a distraction, I would remove it. Clearly that doesn’t prevent an implementor from taking advantage of the structure if they want to, but I think it would clean up some awkwardness in the prose. 3. Further to that, in Section 4 you say, The DATAGRAM frame type takes the form 0b0011000X (or the values 0x30 and 0x31). It took me an embarrassingly long time to recognize that the first form you list means “binary 0011000x, where x indicates ‘don’t care’”. I suppose maybe I was slow because we use hex notation all the time in our document set, and binary notation exceedingly seldom in my experience. Possibly I am the only person who will stumble on this. But possibly not. In any case if you were to clean up my “is it one type, or two” complaint by collapsing the waveform to “it’s two”, this problem would also go away. 4. In Section 5 you say, When a QUIC endpoint receives a valid DATAGRAM frame, it SHOULD deliver the data to the application immediately, as long as it is able to process the frame and can store the contents in memory. Isn’t the final clause in the category of “well, duh”? I mean, is there a situation in which a QUIC endpoint is *not* able to process the frame or *not* able to store the contents in memory, but still might be expected to deliver the data to the application? Seems like that’d be a “no”. I mean, the remark does no real harm, but why bother stating the obvious? |
2022-02-01
|
08 | John Scudder | [Ballot Position Update] New position, No Objection, has been recorded for John Scudder |
2022-02-01
|
08 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2022-01-31
|
08 | Roman Danyliw | [Ballot comment] Thank you to Carl Wallace for the SECDIR review. |
2022-01-31
|
08 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2022-01-31
|
08 | Jürgen Schönwälder | Request for Telechat review by OPSDIR Completed: Has Nits. Reviewer: Jürgen Schönwälder. Sent review to list. |
2022-01-28
|
08 | Benjamin Kaduk | [Ballot comment] Thanks for resolving my previous remarks! |
2022-01-28
|
08 | Benjamin Kaduk | [Ballot Position Update] Position for Benjamin Kaduk has been changed to Yes from Discuss |
2022-01-28
|
08 | Benjamin Kaduk | [Ballot discuss] Section 5 refers to a "max_packet_size" transport parameter but I do not see that parameter defined in the registry or RFC 9000. … [Ballot discuss] Section 5 refers to a "max_packet_size" transport parameter but I do not see that parameter defined in the registry or RFC 9000. It seems that a transport parameter of that name was present in earlier versions of draft-ietf-quic-transport, but got renamed to max_udp_payload_size in the -28, so hopefully this is just a trivial rename. |
2022-01-28
|
08 | Benjamin Kaduk | [Ballot comment] I put some editorial suggestions (including the presumed resolution of the DISCUSS) on github at https://github.com/quicwg/datagram/pull/76 . Section 2 * QUIC uses … [Ballot comment] I put some editorial suggestions (including the presumed resolution of the DISCUSS) on github at https://github.com/quicwg/datagram/pull/76 . Section 2 * QUIC uses a more nuanced loss recovery mechanism than the DTLS handshake, which has a basic packet loss retransmission timer. This is true of DTLS 1.2 and prior versions, which technically is right now the current version of DTLS. However, it's not quite true of DTLS 1.3, which includes an explicit ACK message to supplement the retransmission timer. DTLS 1.3 stands a pretty decent chance of being published as an RFC prior to this document (per ekr, it should have the last technical changes from the WG finalized this weekend and then go into the "real" AUTH48 state), so I think we ought to speak to the mechanisms of DTLS 1.3 here. Section 3 For most uses of DATAGRAM frames, it is RECOMMENDED to send a value of 65535 in the max_datagram_frame_size transport parameter to indicate that this endpoint will accept any DATAGRAM frame that fits inside a QUIC packet. It's interesting to compare this to the RFC 9000 max_udp_payload_size default of 65527, the maximum permitted UDP payload. Indeed, the QUIC 1-RTT packet header does not even contain a length field that would limit the frame size. So I'm not entirely sure what motivates the 65535 value specifically. (I do see the subsequent discussion about how there are other factors, including max_packet_size/max_udp_payload_size, that can further limit what is usable.) |
2022-01-28
|
08 | Benjamin Kaduk | [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk |
2022-01-28
|
08 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Jürgen Schönwälder |
2022-01-28
|
08 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Jürgen Schönwälder |
2022-01-26
|
08 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2022-01-26
|
08 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2022-01-25
|
08 | Martin Duke | [Ballot Position Update] New position, Yes, has been recorded for Martin Duke |
2022-01-21
|
08 | Erik Kline | [Ballot Position Update] New position, Yes, has been recorded for Erik Kline |
2022-01-20
|
08 | Meral Shirazipour | Request for Last Call review by GENART Completed: Ready. Reviewer: Meral Shirazipour. Sent review to list. |
2022-01-20
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2022-01-20
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2022-01-20
|
08 | Jean Mahoney | Assignment of request for Last Call review by GENART to Jouni Korhonen was withdrawn |
2022-01-19
|
08 | Bernie Volz | Request for Telechat review by INTDIR is assigned to Charles Perkins |
2022-01-19
|
08 | Bernie Volz | Request for Telechat review by INTDIR is assigned to Charles Perkins |
2022-01-19
|
08 | Éric Vyncke | Requested Telechat review by INTDIR |
2022-01-18
|
08 | Cindy Morgan | Placed on agenda for telechat - 2022-02-03 |
2022-01-18
|
08 | Zaheduzzaman Sarker | Ballot has been issued |
2022-01-18
|
08 | Zaheduzzaman Sarker | [Ballot Position Update] New position, Yes, has been recorded for Zaheduzzaman Sarker |
2022-01-18
|
08 | Zaheduzzaman Sarker | Created "Approve" ballot |
2022-01-18
|
08 | Zaheduzzaman Sarker | IESG state changed to IESG Evaluation from Waiting for Writeup |
2022-01-18
|
08 | Zaheduzzaman Sarker | Ballot writeup was changed |
2022-01-14
|
08 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2022-01-14
|
08 | David Schinazi | New version available: draft-ietf-quic-datagram-08.txt |
2022-01-14
|
08 | (System) | New version approved |
2022-01-14
|
08 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2022-01-14
|
08 | David Schinazi | Uploaded new revision |
2021-12-30
|
07 | Barry Leiba | Request for Last Call review by ARTART is assigned to Darrel Miller |
2021-12-30
|
07 | Barry Leiba | Request for Last Call review by ARTART is assigned to Darrel Miller |
2021-12-30
|
07 | Barry Leiba | Assignment of request for Last Call review by ARTART to Alex Gouaillard was marked no-response |
2021-12-24
|
07 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2021-12-22
|
07 | Carl Wallace | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Carl Wallace. Sent review to list. |
2021-12-21
|
07 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2021-12-21
|
07 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-quic-datagram-07. If any part of this review is inaccurate, please let … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-quic-datagram-07. If any part of this review is inaccurate, please let us know. The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete. First, in the QUIC Transport Parameters registry on the QUIC registry page located at: https://www.iana.org/assignments/quic/ the following registration will be made permanent and its reference changed to [ RFC-to-be ]: Value: 0x20 Parameter Name: max_datagram_frame_size Status: permanent Specification: [ RFC-to-be ] Date: [ TBD-at-Registration ] Change Controller: IETF Contact: [QUIC_WG] Second, in the QUIC Frame Types registry also on the QUIC registry page located at: https://www.iana.org/assignments/quic/ two registrations will be made permanent and their references changed to [ RFC-to-be ]: Value: 0x30 Frame Type Name: DATAGRAM Status: permanent Specification: [ RFC-to-be ] Date: [ TBD-at-Registration ] Change Controller: IETF Contact: [QUIC_WG] Value: 0x31 Frame Type Name: DATAGRAM Status: permanent Specification: [ RFC-to-be ] Date: [ TBD-at-Registration ] Change Controller: IETF Contact: [QUIC_WG] The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Sabrina Tanamal Lead IANA Services Specialist |
2021-12-16
|
07 | Barry Leiba | Request for Last Call review by ARTART is assigned to Alex Gouaillard |
2021-12-16
|
07 | Barry Leiba | Request for Last Call review by ARTART is assigned to Alex Gouaillard |
2021-12-16
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2021-12-16
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2021-12-13
|
07 | Jürgen Schönwälder | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Jürgen Schönwälder. Sent review to list. |
2021-12-12
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jürgen Schönwälder |
2021-12-12
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jürgen Schönwälder |
2021-12-11
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Carl Wallace |
2021-12-11
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Carl Wallace |
2021-12-10
|
07 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2021-12-10
|
07 | Amy Vezza | The following Last Call announcement was sent out (ends 2021-12-24): From: The IESG To: IETF-Announce CC: Zaheduzzaman.Sarker@ericsson.com, draft-ietf-quic-datagram@ietf.org, lucaspardue.24.7@gmail.com, quic-chairs@ietf.org, quic@ietf.org … The following Last Call announcement was sent out (ends 2021-12-24): From: The IESG To: IETF-Announce CC: Zaheduzzaman.Sarker@ericsson.com, draft-ietf-quic-datagram@ietf.org, lucaspardue.24.7@gmail.com, quic-chairs@ietf.org, quic@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (An Unreliable Datagram Extension to QUIC) to Proposed Standard The IESG has received a request from the QUIC WG (quic) to consider the following document: - 'An Unreliable Datagram Extension to QUIC' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2021-12-24. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document defines an extension to the QUIC transport protocol to add support for sending and receiving unreliable datagrams over a QUIC connection. Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the QUIC Working Group mailing list (mailto:quic@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/quic/. Source for this draft and an issue tracker can be found at https://github.com/quicwg/datagram. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-quic-datagram/ No IPR declarations have been submitted directly on this I-D. |
2021-12-10
|
07 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2021-12-10
|
07 | Zaheduzzaman Sarker | Last call was requested |
2021-12-10
|
07 | Zaheduzzaman Sarker | Last call announcement was generated |
2021-12-10
|
07 | Zaheduzzaman Sarker | Ballot approval text was generated |
2021-12-10
|
07 | Zaheduzzaman Sarker | Ballot writeup was generated |
2021-12-10
|
07 | Zaheduzzaman Sarker | IESG state changed to Last Call Requested from AD Evaluation |
2021-12-08
|
07 | Tommy Pauly | New version available: draft-ietf-quic-datagram-07.txt |
2021-12-08
|
07 | (System) | New version approved |
2021-12-08
|
07 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2021-12-08
|
07 | Tommy Pauly | Uploaded new revision |
2021-11-24
|
06 | (System) | Changed action holders to Zaheduzzaman Sarker (IESG state changed) |
2021-11-24
|
06 | Zaheduzzaman Sarker | IESG state changed to AD Evaluation from Publication Requested |
2021-10-12
|
06 | Lucas Pardue | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 1 November 2019. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. This is the proper type for a simple extension to QUIC. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The draft defines a simple extension to the QUIC transport (RFC 9000), using the well-defined extension mechanisms. It registers a new DATAGRAM frame type for unreliable application data and clearly describes how the frame transmission and reception operates within the loss recovery and detection framework of QUIC. Working Group Summary: There are two notable points but clear WG consensus was established through the development and last call. The first point is about datagram demultiplexing identifiers. Prior to WG adoption of this document, earlier drafts included a demultiplexing field in the DATAGRAM frame. Discussion of the document before adoption led to the field being removed and the definition of such a field delegated to applications using datagrams. The topic came up again during the WG activity and we were able to reach clear consensus to continue delegating the field to applications. In future, with deployment experience, we may discover patterns of identifiers that could be incorporated into the transport layer. There was consensus to not block progress on this draft in order to wait for such experience. The second point is about DATAGRAM ack-elicitation. Near the time the document was ready for WGLC, a use case was identified for delaying acknowledgement of DATAGRAMs. There was some rigourous discussion on this topic, with several proposals for design change to the datagram specification. In opposition of such design changes were concerns over unintended consequences to congestion control. WG discussion identified other ways in which the use case might be addressed, which harnessed the extensibility mechanisms of the QUIC protocol. Given the broad range of possible technical solutions, the chairs sought clarity about whether the group believed the use case needed to be solved in the scope of this document. A consensus call was issued and the responses established clear consensus to not work it. Document Quality: There are several implementations of the datagram extension and several interoperable deployments of the datagram extension deployed on the Internet. This extension provides an unreliable data transport feature that application protocols can build upon. Within the IETF, the MASQUE and WebTrans WGs have adopted documents to define such application uses. Other members of the community are also interested in using this extension. No special review has been required. Personnel: Lucas Pardue is the document shepherd. Zahed Sarker is the AD. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I have reviewed this document thoroughly and implemented the extension. The scope of the extension is focused and is straightforward to implement for any person familiar with QUIC. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? None. The datagram document has been developed alongside the QUIC core protocol and has benefitted from relevant and up-to-date review expertise within the WG and community. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review is required. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No specific concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? Yes. There are no IPR disclosures for this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. There are no IPR disclosures for this document. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? This extension defined in this document has been implemented and deployed by a wide range of vendors. The notable points described in answer (2) were resolved within the working group with clear consensus before WGLC. During WGLC only a handful of editorial issues were raised. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No nits. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). This document registers a new Transport Parameter. This is a permanent registration in the range 0x00-0x3f, which requires Standards Action or IESG approval. This document registers two new QUIC frame types. This is a permanent registration in the range 0x00-0x3f, which requires Standards Action or IESG approval. The registrations conform to the registration requirements of IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. N/A (20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? N/A |
2021-10-12
|
06 | Lucas Pardue | Responsible AD changed to Zaheduzzaman Sarker |
2021-10-12
|
06 | Lucas Pardue | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2021-10-12
|
06 | Lucas Pardue | IESG state changed to Publication Requested from I-D Exists |
2021-10-12
|
06 | Lucas Pardue | IESG process started in state Publication Requested |
2021-10-12
|
06 | Lucas Pardue | Tag Doc Shepherd Follow-up Underway cleared. |
2021-10-12
|
06 | Lucas Pardue | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 1 November 2019. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. This is the proper type for a simple extension to QUIC. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The draft defines a simple extension to the QUIC transport (RFC 9000), using the well-defined extension mechanisms. It registers a new DATAGRAM frame type for unreliable application data and clearly describes how the frame transmission and reception operates within the loss recovery and detection framework of QUIC. Working Group Summary: There are two notable points but clear WG consensus was established through the development and last call. The first point is about datagram demultiplexing identifiers. Prior to WG adoption of this document, earlier drafts included a demultiplexing field in the DATAGRAM frame. Discussion of the document before adoption led to the field being removed and the definition of such a field delegated to applications using datagrams. The topic came up again during the WG activity and we were able to reach clear consensus to continue delegating the field to applications. In future, with deployment experience, we may discover patterns of identifiers that could be incorporated into the transport layer. There was consensus to not block progress on this draft in order to wait for such experience. The second point is about DATAGRAM ack-elicitation. Near the time the document was ready for WGLC, a use case was identified for delaying acknowledgement of DATAGRAMs. There was some rigourous discussion on this topic, with several proposals for design change to the datagram specification. In opposition of such design changes were concerns over unintended consequences to congestion control. WG discussion identified other ways in which the use case might be addressed, which harnessed the extensibility mechanisms of the QUIC protocol. Given the broad range of possible technical solutions, the chairs sought clarity about whether the group believed the use case needed to be solved in the scope of this document. A consensus call was issued and the responses established clear consensus to not work it. Document Quality: There are several implementations of the datagram extension and several interoperable deployments of the datagram extension deployed on the Internet. This extension provides an unreliable data transport feature that application protocols can build upon. Within the IETF, the MASQUE and WebTrans WGs have adopted documents to define such application uses. Other members of the community are also interested in using this extension. No special review has been required. Personnel: Lucas Pardue is the document shepherd. Zahed Sarker is the AD. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I have reviewed this document thoroughly and implemented the extension. The scope of the extension is focused and is straightforward to implement for any person familiar with QUIC. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? None. The datagram document has been developed alongside the QUIC core protocol and has benefitted from relevant and up-to-date review expertise within the WG and community. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review is required. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No specific concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? Yes. There are no IPR disclosures for this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. There are no IPR disclosures for this document. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? This extension defined in this document has been implemented and deployed by a wide range of vendors. The notable points described in answer (2) were resolved within the working group with clear consensus before WGLC. During WGLC only a handful of editorial issues were raised. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No nits. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). This document registers a new Transport Parameter. This is a permanent registration in the range 0x00-0x3f, which requires Standards Action or IESG approval. This document registers two new QUIC frame types. This is a permanent registration in the range 0x00-0x3f, which requires Standards Action or IESG approval. The registrations conform to the registration requirements of IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. N/A (20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? N/A |
2021-10-05
|
06 | Tommy Pauly | New version available: draft-ietf-quic-datagram-06.txt |
2021-10-05
|
06 | (System) | New version approved |
2021-10-05
|
06 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2021-10-05
|
06 | Tommy Pauly | Uploaded new revision |
2021-10-04
|
05 | Lucas Pardue | Tag Doc Shepherd Follow-up Underway set. |
2021-10-04
|
05 | Lucas Pardue | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2021-10-04
|
05 | Lucas Pardue | Notification list changed to lucaspardue.24.7@gmail.com because the document shepherd was set |
2021-10-04
|
05 | Lucas Pardue | Document shepherd changed to Lucas Pardue |
2021-10-01
|
05 | Tommy Pauly | New version available: draft-ietf-quic-datagram-05.txt |
2021-10-01
|
05 | (System) | New version approved |
2021-10-01
|
05 | (System) | Request for posting confirmation emailed to previous authors: David Schinazi , Eric Kinnear , Tommy Pauly |
2021-10-01
|
05 | Tommy Pauly | Uploaded new revision |
2021-09-16
|
04 | Lucas Pardue | IETF WG state changed to In WG Last Call from WG Document |
2021-09-08
|
04 | Tommy Pauly | New version available: draft-ietf-quic-datagram-04.txt |
2021-09-08
|
04 | (System) | New version accepted (logged-in submitter: Tommy Pauly) |
2021-09-08
|
04 | Tommy Pauly | Uploaded new revision |
2021-07-12
|
03 | Tommy Pauly | New version available: draft-ietf-quic-datagram-03.txt |
2021-07-12
|
03 | (System) | New version accepted (logged-in submitter: Tommy Pauly) |
2021-07-12
|
03 | Tommy Pauly | Uploaded new revision |
2021-02-16
|
02 | Tommy Pauly | New version available: draft-ietf-quic-datagram-02.txt |
2021-02-16
|
02 | (System) | New version accepted (logged-in submitter: Tommy Pauly) |
2021-02-16
|
02 | Tommy Pauly | Uploaded new revision |
2020-08-24
|
01 | Tommy Pauly | New version available: draft-ietf-quic-datagram-01.txt |
2020-08-24
|
01 | (System) | New version accepted (logged-in submitter: Tommy Pauly) |
2020-08-24
|
01 | Tommy Pauly | Uploaded new revision |
2020-03-09
|
00 | Lars Eggert | Changed consensus to Yes from Unknown |
2020-03-09
|
00 | Lars Eggert | Intended Status changed to Proposed Standard from None |
2020-02-26
|
00 | David Schinazi | This document now replaces draft-pauly-quic-datagram instead of None |
2020-02-26
|
00 | David Schinazi | New version available: draft-ietf-quic-datagram-00.txt |
2020-02-26
|
00 | (System) | New version accepted (logged-in submitter: David Schinazi) |
2020-02-26
|
00 | David Schinazi | Uploaded new revision |