Internet DRAFT - draft-edm-protocol-greasing
draft-edm-protocol-greasing
Network Working Group L. Pardue
Internet-Draft Cloudflare
Intended status: Informational 10 July 2023
Expires: 11 January 2024
Maintaining Protocols Using Grease and Variability
draft-edm-protocol-greasing-02
Abstract
Long-term interoperability of protocols is an important goal of the
network standards process. Part of realizing long-term protocol
deployment success is the ability to support change. Change can
require adjustments such as extension to the protocol, modifying
usage patterns within the current protocol constraints, or a
replacement protocol. This document present considerations for
protocol designers and implementers about applying techniques such as
greasing or protocol variability as a means to exercise maintenance
concepts.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://intarchboard.github.io/draft-protocol-greasing/draft-edm-
protocol-greasing.html. Status information for this document may be
found at https://datatracker.ietf.org/doc/draft-edm-protocol-
greasing/.
Source for this draft and an issue tracker can be found at
https://github.com/intarchboard/draft-protocol-greasing.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Pardue Expires 11 January 2024 [Page 1]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
This Internet-Draft will expire on 11 January 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. Considerations for Applying Greasing . . . . . . . . . . . . 3
4. Considerations for Increasing Protocol Variability . . . . . 5
5. Considerations for Protocol Versions . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
8.1. Normative References . . . . . . . . . . . . . . . . . . 6
8.2. Informative References . . . . . . . . . . . . . . . . . 6
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
Long-term interoperability of protocols is an important goal of the
network standards process [MAINTENANCE]. Part of realizing long-term
protocol deployment success [SUCCESS] is the ability to support
change. Change can require adjustments such as extension to the
protocol, modifying usage patterns within the current protocol
constraints, or a replacement protocol.
Greasing is one technique that supports the long term-viability of
protocol extension points. It was originally designed for TLS
[GREASE] as a later addition to help mitigate observed deployment
issues. Subsequently, other protocols such as QUIC [QUIC] and HTTP/3
[HTTP/3] embedded greasing capability into the protocol, along with
policies and IANA registries, in order to avoid ossification-related
problems emerging in the first place. Greasing is suitable for many
protocols but not all. Section 3.3 of [VIABILITY] discusses the
Pardue Expires 11 January 2024 [Page 2]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
applicability and limitations of greasing. Section 3 presents
considerations for applying grease that help to ensure it can most
effectively reach its maintenance goals.
Changing user needs [END-USERS] may require that applications modify
how they use a protocol without needing to change the protocol
itself. For example, a deployment that supported a download-oriented
population might wish to enable support for user uploads. This would
change interactions and traffic flows but still behave completely
within the design constraints of the network protocols.
Implementations and deployments might discover ossification affects
this form of change because expectations form around patterns of
usage. Section 4 presents considerations about how increasing the
variability of protocols can mitigate some of these concerns.
Replacing a protocol may be required where the changing needs or
environment push protocol usage outside its original design
parameters and extensions cannot elegantly fill the gap. Replacing a
protocol may also be desirable as a form of baseline, a formal
declaration of protocol and extension(s) combination that is common,
that may simplify deployment by reducing failures related to
combinatorial extensions problems. A replacement protocol version
may or may not be compatible with other versions. A protocol may or
may not have a mechanism for version selection or agility. Section 5
presents considerations about designing for and/or implementing
version negotiation and migration.
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Considerations for Applying Greasing
Greasing can take many forms, depending on the protocol and the
nature of its extension points.
Where a protocol uses registered values (i.e. codepoints) or numbers
in a well defined range, a common approach (see [GREASE],
Section 18.1 of [QUIC], or Section 7.2.8 of [HTTP/3]), is to reserve
a subset of the range for the purposes of greasing. Ths approach is
detailed more thoroughly in Section 3.3 of [VIABILITY]. However,
protocol designers or implementers may find it difficult to apply
those suggestions in abstract. The likely success or efficacy of
this method can be improved by the following suggestions.
Pardue Expires 11 January 2024 [Page 3]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
It is assumed that endpoint should implement robust and broad
extension handling. When acting as a receiver or a parser, the
implementation should not treat codepoints reserved for the purposes
of greasing as individually special. In other words, rather than
implementation looking specifically for reserved values, it is better
to have a "catch all" mechanism that can handle receipt of unknown
extensions gracefully or without error.
In order to exercise receiver capability, it is advisable that
senders send values from the ranges reserved for greasing. However,
picking a deterministic value risks a value becoming ossified itself.
One outcome of that is receivers being written to handle a single
expected value rather than the generic handling described above. One
way to help mitigate this is to reserve a sufficiently large range of
values for greasing, and ensure that senders chose values from that
range with diversity and non-determinism. The specific nature of
size and distribution of the grease range needs to accommodate the
protocol constraints. For instance, an 8-bit field can only
represent a small range of values and it may be too costly to
dedicate many of them solely for the purpose of greasing. However,
protocols that use 32-bit or 64-bit fields are unlikely to have
restrictions.
It is beneficial to have a large set of reserved numbers for the
purpose of greasing. However, protocol designers that wish to do so
may encounter difficulties in expressing the large range in their
protocol documents and/or in an IANA registry. One approach to this
problem has been to define the set algorithmically in the protocol
definition and request that IANA reserve only a single entry in the
respective table that covers the entire range; see for example
https://www.iana.org/assignments/http3-parameters/
http3-parameters.xhtml#http3-parameters-frame-types. This range
should be protected from registering from any other purpose.
Deciding an appropriate label for this protected range is important.
Labelling it simply "reserved" may be confused with other ranges that
are reserved for private or experimental extensions. An implementer
that conflates these two meanings may cause a new class of
interoperability failure. Therefore a label such as "reserved for
greasing" may help to avoid the confusion. If choosing to use an
algorithm to define the set, it is encourage to use unique
algorithms. This again improves the chances that receivers will
build robust extension handling rather that a simple special-case
ignore list.
Pardue Expires 11 January 2024 [Page 4]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
Protocols that do reserve ranges for greasing introduce a new
consideration for real extensions. It is common to want to reserve a
block of code points for iteration and experimentation. Depending
how the algorithm spreads numbers through the full range, any single
block of uninterrupted values may be too small to be usable. This
could lead to unintentional use of a greased value.
Since it is intended for receivers to ignore values reserved for
greasing, designers and implementers need to remain aware that
unintentional use of greased values by a sender for a real extension
may cause a failure.
Receiver implementations may unintentionally build a reliance on the
occurrence of greasing in the temporal or spatial domain. Senders
are advised to implementation non-determinism of when they use grease
in addition to what values they send.
4. Considerations for Increasing Protocol Variability
While greasing is one method to deal with falsifying active use of a
protocols extensions points, it cannot address positive use. A
protocol may define a wide-ranging extension capability but if
senders do not use it, then interoperability problems may not arise,
leading to ossification until a real use case emerges.
Variation of protocol extension points with positive use in mind can
help exercise protocols and ensure long-term maintenance and
interoperability. This can be thought of, to some extent, as
protocol fuzzing. It can be a difficult area to exercise because
varying the protocol elements may change the actual outcome of
interactions, leading to real errors. However, some elements can be
safely changed and the following are some examples.
QUIC packets contain frames. Receivers might build expectations on
the longitudinal aspects of packets or frames - size, ordering,
frequency, etc. A sender can quite often manipulate these parameters
and stay compliant to the requirements of the QUIC protocol. For
example, QUIC streams are an ordered reliable byte stream that is
serialized as a sequence of STREAM frames with a length and offset.
Receivers are expected to reassemble frames into an ordered reliable
byte stream such that an application reading from a stream can be
abstracted from matters of the transport later. A sender that
purposefully reorders STREAM frames will help exercise the reassembly
features of the receiver. It is not expected that this would cause a
functional failure in the application layer. However, it may
introduce delays or stream head-of-line blocking that affect the
performance aspects of a transmission, which may not be acceptable
for a given use case.
Pardue Expires 11 January 2024 [Page 5]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
5. Considerations for Protocol Versions
There are intrinsic and well-documented issues related to testing
version negotiation of protocols; see [EXTENSIBILITY] and Sections
2.1 and 3.2 of [VIABILITY]. This section will be expanded with
advice for protocol designers and implementers about how to approach
these problems.
6. Security Considerations
The considerations in [MAINTENANCE], [GREASE], [END-USERS], and
[VIABILITY] all apply to the topics discussed in this document.
The use of protocol features, extensions, and versions can already
allow fingerprinting. Any techniques that change parameters in any
way, including but not limited to those discussed in this document,
can affect fingerprinting. A deeper analysis of this topic has been
deemed out of scope.
7. IANA Considerations
This document has no IANA actions.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
8.2. Informative References
[END-USERS]
Nottingham, M., "The Internet is for End Users", RFC 8890,
DOI 10.17487/RFC8890, August 2020,
<https://www.rfc-editor.org/rfc/rfc8890>.
[EXTENSIBILITY]
Carpenter, B., Aboba, B., Ed., and S. Cheshire, "Design
Considerations for Protocol Extensions", RFC 6709,
DOI 10.17487/RFC6709, September 2012,
<https://www.rfc-editor.org/rfc/rfc6709>.
Pardue Expires 11 January 2024 [Page 6]
Internet-Draft Maintaining Protocols Using Grease and V July 2023
[GREASE] Benjamin, D., "Applying Generate Random Extensions And
Sustain Extensibility (GREASE) to TLS Extensibility",
RFC 8701, DOI 10.17487/RFC8701, January 2020,
<https://www.rfc-editor.org/rfc/rfc8701>.
[HTTP/3] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114,
June 2022, <https://www.rfc-editor.org/rfc/rfc9114>.
[MAINTENANCE]
Thomson, M. and D. Schinazi, "Maintaining Robust
Protocols", RFC 9413, DOI 10.17487/RFC9413, June 2023,
<https://www.rfc-editor.org/rfc/rfc9413>.
[QUIC] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/rfc/rfc9000>.
[SUCCESS] Thaler, D. and B. Aboba, "What Makes for a Successful
Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008,
<https://www.rfc-editor.org/rfc/rfc5218>.
[VIABILITY]
Thomson, M. and T. Pauly, "Long-Term Viability of Protocol
Extension Mechanisms", RFC 9170, DOI 10.17487/RFC9170,
December 2021, <https://www.rfc-editor.org/rfc/rfc9170>.
Acknowledgments
This work is a summary of the topics discussed during EDM meetings.
The contributors at those meetings are thanked.
Author's Address
Lucas Pardue
Cloudflare
Email: lucaspardue.24.7@gmail.com
Pardue Expires 11 January 2024 [Page 7]