| draft-ietf-quic-v2-02.txt | draft-ietf-quic-v2-03.txt | |||
|---|---|---|---|---|
| QUIC M. Duke | QUIC M. Duke | |||
| Internet-Draft Google LLC | Internet-Draft Google LLC | |||
| Intended status: Standards Track 28 April 2022 | Intended status: Standards Track 12 May 2022 | |||
| Expires: 30 October 2022 | Expires: 13 November 2022 | |||
| QUIC Version 2 | QUIC Version 2 | |||
| draft-ietf-quic-v2-02 | draft-ietf-quic-v2-03 | |||
| Abstract | Abstract | |||
| This document specifies QUIC version 2, which is identical to QUIC | This document specifies QUIC version 2, which is identical to QUIC | |||
| version 1 except for some trivial details. Its purpose is to combat | version 1 except for some trivial details. Its purpose is to combat | |||
| various ossification vectors and exercise the version negotiation | various ossification vectors and exercise the version negotiation | |||
| framework. It also serves as a template for the minimum changes in | framework. It also serves as a template for the minimum changes in | |||
| any future version of QUIC. | any future version of QUIC. | |||
| Note that "version 2" is an informal name for this proposal that | Note that "version 2" is an informal name for this proposal that | |||
| skipping to change at page 2, line 15 ¶ | skipping to change at page 2, line 15 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 30 October 2022. | This Internet-Draft will expire on 13 November 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Changes from QUIC Version 1 . . . . . . . . . . . . . . . . . 4 | 3. Differences with QUIC Version 1 . . . . . . . . . . . . . . . 4 | |||
| 3.1. Version Field . . . . . . . . . . . . . . . . . . . . . . 4 | 3.1. Version Field . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.2. Long Header Packet Types . . . . . . . . . . . . . . . . 4 | 3.2. Long Header Packet Types . . . . . . . . . . . . . . . . 4 | |||
| 3.3. Cryptography changes . . . . . . . . . . . . . . . . . . 4 | 3.3. Cryptography changes . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3.1. Initial Salt . . . . . . . . . . . . . . . . . . . . 4 | 3.3.1. Initial Salt . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3.2. HKDF Labels . . . . . . . . . . . . . . . . . . . . . 4 | 3.3.2. HKDF Labels . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3.3. Retry Integrity Tag . . . . . . . . . . . . . . . . . 4 | 3.3.3. Retry Integrity Tag . . . . . . . . . . . . . . . . . 5 | |||
| 4. Version Negotiation Considerations . . . . . . . . . . . . . 5 | 4. Version Negotiation Considerations . . . . . . . . . . . . . 5 | |||
| 4.1. Compatible Negotiation Requirements . . . . . . . . . . . 5 | 4.1. Compatible Negotiation Requirements . . . . . . . . . . . 5 | |||
| 5. TLS Resumption and NEW_TOKEN Tokens . . . . . . . . . . . . . 6 | 5. TLS Resumption and NEW_TOKEN Tokens . . . . . . . . . . . . . 6 | |||
| 6. Ossification Considerations . . . . . . . . . . . . . . . . . 7 | 6. Ossification Considerations . . . . . . . . . . . . . . . . . 7 | |||
| 7. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 8 | 10.2. Informative References . . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Sample Packet Protection . . . . . . . . . . . . . . 9 | Appendix A. Sample Packet Protection . . . . . . . . . . . . . . 9 | |||
| A.1. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | A.1. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| A.2. Client Initial . . . . . . . . . . . . . . . . . . . . . 10 | A.2. Client Initial . . . . . . . . . . . . . . . . . . . . . 10 | |||
| A.3. Server Initial . . . . . . . . . . . . . . . . . . . . . 12 | A.3. Server Initial . . . . . . . . . . . . . . . . . . . . . 12 | |||
| A.4. Retry . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | A.4. Retry . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| A.5. ChaCha20-Poly1305 Short Header Packet . . . . . . . . . . 13 | A.5. ChaCha20-Poly1305 Short Header Packet . . . . . . . . . . 13 | |||
| Appendix B. Changelog . . . . . . . . . . . . . . . . . . . . . 15 | Appendix B. Changelog . . . . . . . . . . . . . . . . . . . . . 15 | |||
| B.1. since draft-ietf-quic-v2-01 . . . . . . . . . . . . . . . 15 | B.1. since draft-ietf-quic-v2-02 . . . . . . . . . . . . . . . 15 | |||
| B.2. since draft-ietf-quic-v2-00 . . . . . . . . . . . . . . . 15 | B.2. since draft-ietf-quic-v2-01 . . . . . . . . . . . . . . . 15 | |||
| B.3. since draft-duke-quic-v2-02 . . . . . . . . . . . . . . . 15 | B.3. since draft-ietf-quic-v2-00 . . . . . . . . . . . . . . . 15 | |||
| B.4. since draft-duke-quic-v2-01 . . . . . . . . . . . . . . . 15 | B.4. since draft-duke-quic-v2-02 . . . . . . . . . . . . . . . 15 | |||
| B.5. since draft-duke-quic-v2-00 . . . . . . . . . . . . . . . 15 | B.5. since draft-duke-quic-v2-01 . . . . . . . . . . . . . . . 15 | |||
| B.6. since draft-duke-quic-v2-00 . . . . . . . . . . . . . . . 16 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 1. Introduction | 1. Introduction | |||
| QUIC [QUIC] has numerous extension points, including the version | QUIC [QUIC] has numerous extension points, including the version | |||
| number that occupies the second through fifth octets of every long | number that occupies the second through fifth bytes of every long | |||
| header (see [RFC8999]). If experimental versions are rare, and QUIC | header (see [QUIC-INVARIANTS]). If experimental versions are rare, | |||
| version 1 constitutes the vast majority of QUIC traffic, there is the | and QUIC version 1 constitutes the vast majority of QUIC traffic, | |||
| potential for middleboxes to ossify on the version octets always | there is the potential for middleboxes to ossify on the version bytes | |||
| being 0x00000001. | always being 0x00000001. | |||
| Furthermore, version 1 Initial packets are encrypted with keys | In QUIC version 1, Initial packets are encrypted with the version- | |||
| derived from a universally known salt, which allow observers to | specific salt as described in Section 5.2 of [QUIC-TLS]. Protecting | |||
| inspect the contents of these packets, which include the TLS Client | Initial packets in this way allows observers to inspect their | |||
| Hello and Server Hello messages. Again, middleboxes may ossify on | contents, which includes the TLS Client Hello or Server Hello | |||
| messages. Again, there is the potential for middleboxes to ossify on | ||||
| the version 1 key derivation and packet formats. | the version 1 key derivation and packet formats. | |||
| Finally [QUIC-VN] provides two mechanisms for endpoints to negotiate | Finally [QUIC-VN] provides two mechanisms for endpoints to negotiate | |||
| the QUIC version to use. The "incompatible" version negotiation | the QUIC version to use. The "incompatible" version negotiation | |||
| method can support switching from any initial QUIC version to any | method can support switching from any initial QUIC version to any | |||
| other version with full generality, at the cost of an additional | other version with full generality, at the cost of an additional | |||
| round-trip at the start of the connection. "Compatible" version | round-trip at the start of the connection. "Compatible" version | |||
| negotiation eliminates the round-trip penalty but levies some | negotiation eliminates the round-trip penalty but levies some | |||
| restrictions on how much the two versions can differ semantically. | restrictions on how much the two versions can differ semantically. | |||
| QUIC version 2 is meant to mitigate ossification concerns and | QUIC version 2 is meant to mitigate ossification concerns and | |||
| exercise the version negotiation mechanisms. The only change is a | exercise the version negotiation mechanisms. The only change is a | |||
| tweak to the inputs of some crypto derivation functions to enforce | tweak to the inputs of some crypto derivation functions to enforce | |||
| full key separation. Any endpoint that supports two versions needs | full key separation. Any endpoint that supports two versions needs | |||
| to implement version negotiation to protect against downgrade | to implement version negotiation to protect against downgrade | |||
| attacks. | attacks. | |||
| [I-D.duke-quic-version-aliasing] is a more robust, but much more | ||||
| complicated, proposal to address these ossification problems. By | ||||
| design, it requires incompatible version negotiation. QUICv2 enables | ||||
| exercise of compatible version negotiation mechanism. | ||||
| 2. Conventions | 2. Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| 3. Changes from QUIC Version 1 | 3. Differences with QUIC Version 1 | |||
| QUIC version 2 endpoints MUST implement the QUIC version 1 | QUIC version 2 endpoints MUST implement the QUIC version 1 | |||
| specification as described in [QUIC], [QUIC-TLS], and [RFC9002], with | specification as described in [QUIC], [QUIC-TLS], and [RFC9002]. | |||
| the following changes. | However, the following differences apply in version 2. | |||
| 3.1. Version Field | 3.1. Version Field | |||
| The version field of long headers is 0x709a50c4. | The Version field of long headers is 0x709a50c4. | |||
| 3.2. Long Header Packet Types | 3.2. Long Header Packet Types | |||
| Initial packets use a packet type field of 0b01. 0-RTT packets use a | All version 2 long header packet types are different. The Type field | |||
| packet type field of 0b10. Handshake packets use a packet type field | values are: | |||
| of 0b11. Retry packets use a packet type field of 0b00. | ||||
| * Initial: 0b01 | ||||
| * 0-RTT: 0b10 | ||||
| * Handshake: 0b11 | ||||
| * Retry: 0b00 | ||||
| 3.3. Cryptography changes | 3.3. Cryptography changes | |||
| 3.3.1. Initial Salt | 3.3.1. Initial Salt | |||
| The salt used to derive Initial keys in Section 5.2 of [QUIC-TLS] | The salt used to derive Initial keys in Section 5.2 of [QUIC-TLS] | |||
| changes to: | changes to: | |||
| initial_salt = 0xa707c203a59b47184a1d62ca570406ea7ae3e5d3 | initial_salt = 0xa707c203a59b47184a1d62ca570406ea7ae3e5d3 | |||
| skipping to change at page 6, line 43 ¶ | skipping to change at page 6, line 43 ¶ | |||
| The client MUST NOT send 0-RTT packets using the negotiated version, | The client MUST NOT send 0-RTT packets using the negotiated version, | |||
| even after processing a packet of that version from the server. | even after processing a packet of that version from the server. | |||
| Servers can apply original version 0-RTT packets to a connection | Servers can apply original version 0-RTT packets to a connection | |||
| without additional considerations. | without additional considerations. | |||
| 5. TLS Resumption and NEW_TOKEN Tokens | 5. TLS Resumption and NEW_TOKEN Tokens | |||
| TLS session tickets and NEW_TOKEN tokens are specific to the QUIC | TLS session tickets and NEW_TOKEN tokens are specific to the QUIC | |||
| version of the connection that provided them. Clients SHOULD NOT use | version of the connection that provided them. Clients SHOULD NOT use | |||
| a session ticket or token from a QUICv1 connection to initiate a | a session ticket or token from a QUIC version 1 connection to | |||
| QUICv2 connection, or vice versa. | initiate a QUIC version 2 connection, or vice versa. | |||
| Servers MUST validate the originating version of any session ticket | Servers MUST validate the originating version of any session ticket | |||
| or token and not accept one issued from a different version. A | or token and not accept one issued from a different version. A | |||
| rejected ticket results in falling back to a full TLS handshake, | rejected ticket results in falling back to a full TLS handshake, | |||
| without 0-RTT. A rejected token results in the client address | without 0-RTT. A rejected token results in the client address | |||
| remaining unverified, which limits the amount of data the server can | remaining unverified, which limits the amount of data the server can | |||
| send. | send. | |||
| After compatible version negotiation, any resulting session ticket | After compatible version negotiation, any resulting session ticket | |||
| maps to the negotiated version rather than original one. | maps to the negotiated version rather than original one. | |||
| 6. Ossification Considerations | 6. Ossification Considerations | |||
| QUIC version 2 provides protection against some forms of | QUIC version 2 provides protection against some forms of | |||
| ossification. Devices that assume that all long headers will contain | ossification. Devices that assume that all long headers will encode | |||
| encode version 1, or that the version 1 Initial key derivation | version 1, or that the version 1 Initial key derivation formula will | |||
| formula will remain version-invariant, will not correctly process | remain version-invariant, will not correctly process version 2 | |||
| version 2 packets. | packets. | |||
| However, many middleboxes such as firewalls focus on the first packet | However, many middleboxes such as firewalls focus on the first packet | |||
| in a connection, which will often remain in the version 1 format due | in a connection, which will often remain in the version 1 format due | |||
| to the considerations above. | to the considerations above. | |||
| Clients interested in combating firewall ossification can initiate a | Clients interested in combating firewall ossification can initiate a | |||
| connection using version 2 if they are either reasonably certain the | connection using version 2 if they are either reasonably certain the | |||
| server supports it, or are willing to suffer a round-trip penalty if | server supports it, or are willing to suffer a round-trip penalty if | |||
| they are incorrect. | they are incorrect. | |||
| 7. Applicability | 7. Applicability | |||
| This version of QUIC provides no change from QUIC version 1 relating | This version of QUIC provides no change from QUIC version 1 relating | |||
| to the capabilities available to applications. Therefore, all | to the capabilities available to applications. Therefore, all | |||
| Application Layer Protocol Negotiation (ALPN) ([RFC7301]) codepoints | Application Layer Protocol Negotiation (ALPN) ([RFC7301]) codepoints | |||
| specified to operate over QUICv1 can also operate over this version | specified to operate over QUIC version 1 can also operate over this | |||
| of QUIC. In particular, both the "h3" [I-D.ietf-quic-http] and "doq" | version of QUIC. In particular, both the "h3" [I-D.ietf-quic-http] | |||
| [I-D.ietf-dprive-dnsoquic] ALPNs can operate over QUICv2. | and "doq" [I-D.ietf-dprive-dnsoquic] ALPNs can operate over QUIC | |||
| version 2. | ||||
| All QUIC extensions defined to work with version 1 also work with | All QUIC extensions defined to work with version 1 also work with | |||
| version 2. | version 2. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| QUIC version 2 introduces no changes to the security or privacy | QUIC version 2 introduces no changes to the security or privacy | |||
| properties of QUIC version 1. | properties of QUIC version 1. | |||
| The mandatory version negotiation mechanism guards against downgrade | The mandatory version negotiation mechanism guards against downgrade | |||
| skipping to change at page 8, line 37 ¶ | skipping to change at page 8, line 37 ¶ | |||
| draft-ietf-quic-version-negotiation-07, 5 April 2022, | draft-ietf-quic-version-negotiation-07, 5 April 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-quic- | <https://datatracker.ietf.org/doc/html/draft-ietf-quic- | |||
| version-negotiation-07>. | version-negotiation-07>. | |||
| [RFC9002] Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection | [RFC9002] Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection | |||
| and Congestion Control", RFC 9002, DOI 10.17487/RFC9002, | and Congestion Control", RFC 9002, DOI 10.17487/RFC9002, | |||
| May 2021, <https://www.rfc-editor.org/rfc/rfc9002>. | May 2021, <https://www.rfc-editor.org/rfc/rfc9002>. | |||
| 10.2. Informative References | 10.2. Informative References | |||
| [I-D.duke-quic-version-aliasing] | ||||
| Duke, M., "QUIC Version Aliasing", Work in Progress, | ||||
| Internet-Draft, draft-duke-quic-version-aliasing-07, 25 | ||||
| October 2021, <https://datatracker.ietf.org/doc/html/ | ||||
| draft-duke-quic-version-aliasing-07>. | ||||
| [I-D.ietf-dprive-dnsoquic] | [I-D.ietf-dprive-dnsoquic] | |||
| Huitema, C., Dickinson, S., and A. Mankin, "DNS over | Huitema, C., Dickinson, S., and A. Mankin, "DNS over | |||
| Dedicated QUIC Connections", Work in Progress, Internet- | Dedicated QUIC Connections", Work in Progress, Internet- | |||
| Draft, draft-ietf-dprive-dnsoquic-12, 20 April 2022, | Draft, draft-ietf-dprive-dnsoquic-12, 20 April 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-dprive- | <https://datatracker.ietf.org/doc/html/draft-ietf-dprive- | |||
| dnsoquic-12>. | dnsoquic-12>. | |||
| [I-D.ietf-quic-http] | [I-D.ietf-quic-http] | |||
| Bishop, M., "Hypertext Transfer Protocol Version 3 | Bishop, M., "Hypertext Transfer Protocol Version 3 | |||
| (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- | (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- | |||
| quic-http-34, 2 February 2021, | quic-http-34, 2 February 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-quic- | <https://datatracker.ietf.org/doc/html/draft-ietf-quic- | |||
| http-34>. | http-34>. | |||
| [QUIC-INVARIANTS] | ||||
| Thomson, M., "Version-Independent Properties of QUIC", | ||||
| RFC 8999, DOI 10.17487/RFC8999, May 2021, | ||||
| <https://www.rfc-editor.org/rfc/rfc8999>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/rfc/rfc2119>. | <https://www.rfc-editor.org/rfc/rfc2119>. | |||
| [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | |||
| "Transport Layer Security (TLS) Application-Layer Protocol | "Transport Layer Security (TLS) Application-Layer Protocol | |||
| Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | |||
| July 2014, <https://www.rfc-editor.org/rfc/rfc7301>. | July 2014, <https://www.rfc-editor.org/rfc/rfc7301>. | |||
| [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | |||
| Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | |||
| April 2016, <https://www.rfc-editor.org/rfc/rfc7838>. | April 2016, <https://www.rfc-editor.org/rfc/rfc7838>. | |||
| [RFC8999] Thomson, M., "Version-Independent Properties of QUIC", | ||||
| RFC 8999, DOI 10.17487/RFC8999, May 2021, | ||||
| <https://www.rfc-editor.org/rfc/rfc8999>. | ||||
| Appendix A. Sample Packet Protection | Appendix A. Sample Packet Protection | |||
| This section shows examples of packet protection so that | This section shows examples of packet protection so that | |||
| implementations can be verified incrementally. Samples of Initial | implementations can be verified incrementally. Samples of Initial | |||
| packets from both client and server plus a Retry packet are defined. | packets from both client and server plus a Retry packet are defined. | |||
| These packets use an 8-byte client-chosen Destination Connection ID | These packets use an 8-byte client-chosen Destination Connection ID | |||
| of 0x8394c8f03e515708. Some intermediate values are included. All | of 0x8394c8f03e515708. Some intermediate values are included. All | |||
| values are shown in hexadecimal. | values are shown in hexadecimal. | |||
| A.1. Keys | A.1. Keys | |||
| skipping to change at page 15, line 10 ¶ | skipping to change at page 15, line 10 ¶ | |||
| The protected packet is the smallest possible packet size of 21 | The protected packet is the smallest possible packet size of 21 | |||
| bytes. | bytes. | |||
| packet = 5558b1c60ae7b6b932bc27d786f4bc2bb20f2162ba | packet = 5558b1c60ae7b6b932bc27d786f4bc2bb20f2162ba | |||
| Appendix B. Changelog | Appendix B. Changelog | |||
| *RFC Editor's Note:* Please remove this section prior to | *RFC Editor's Note:* Please remove this section prior to | |||
| publication of a final version of this document. | publication of a final version of this document. | |||
| B.1. since draft-ietf-quic-v2-01 | B.1. since draft-ietf-quic-v2-02 | |||
| * Editorial comments from Lucas Pardue | ||||
| B.2. since draft-ietf-quic-v2-01 | ||||
| * Ban use of NEW_TOKEN tokens across versions | * Ban use of NEW_TOKEN tokens across versions | |||
| * version-info transport parameter required for all v2 endpoints | * version-info transport parameter required for all v2 endpoints | |||
| * Explicitly list known ALPN compatibility | * Explicitly list known ALPN compatibility | |||
| B.2. since draft-ietf-quic-v2-00 | B.3. since draft-ietf-quic-v2-00 | |||
| * Expanded requirements for compatible version negotiation | * Expanded requirements for compatible version negotiation | |||
| * Added test vectors | * Added test vectors | |||
| * Greased the packet type codepoints | * Greased the packet type codepoints | |||
| * Random version number | * Random version number | |||
| * Clarified requirement to use QUIC-VN | * Clarified requirement to use QUIC-VN | |||
| * Banned use of resumption tokens across versions | * Banned use of resumption tokens across versions | |||
| B.3. since draft-duke-quic-v2-02 | B.4. since draft-duke-quic-v2-02 | |||
| * Converted to adopted draft | * Converted to adopted draft | |||
| * Deleted references to QUIC improvements | * Deleted references to QUIC improvements | |||
| * Clarified status of QUIC extensions | * Clarified status of QUIC extensions | |||
| B.4. since draft-duke-quic-v2-01 | B.5. since draft-duke-quic-v2-01 | |||
| * Made the final version number TBD. | * Made the final version number TBD. | |||
| * Added ALPN considerations | * Added ALPN considerations | |||
| B.5. since draft-duke-quic-v2-00 | B.6. since draft-duke-quic-v2-00 | |||
| * Added provisional versions for interop | * Added provisional versions for interop | |||
| * Change the v1 Retry Tag secret | * Change the v1 Retry Tag secret | |||
| * Change labels to create full key separation | * Change labels to create full key separation | |||
| Author's Address | Author's Address | |||
| Martin Duke | Martin Duke | |||
| End of changes. 24 change blocks. | ||||
| 56 lines changed or deleted | 60 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||