Between last time we discussed it and now, waiting seems to have been
prudent, as the TLS/QUIC interaction got significantly revamped.
The current QUIC drafts have TLS exporting key material and plaintext
handshake messages, with QUIC record protection used on the wire and not
TLS record protection.  There is a huge amount of interest in QUIC at the
IETF, and we will need to support it eventually.  But that may be best as
limited to exposing the needed APIs and not necessarily pulling in a full
QUIC implementation -- I haven't thought about that question very much.

I don't think I would have the team as a whole prioritize QUIC over FIPS,
though it may be worth someone taking an initial look at what would be
needed.

-Ben

On Mon, Nov 12, 2018 at 11:34:20AM +0100, Richard Levitte wrote:
> For those wanting to follow what's happening in QUIC space, this is a
> good place to start: https://datatracker.ietf.org/wg/quic/about/
> 
> In message <20181112.113323.260349601387601601.levi...@openssl.org> on Mon, 
> 12 Nov 2018 11:33:23 +0100 (CET), Richard Levitte <levi...@openssl.org> said:
> 
> > QUIC was mentioned a little more than a year ago.   Since then, it
> > seems that the drafts have moved forward with quite some speed:
> > 
> > https://tools.ietf.org/html/draft-ietf-quic-transport-16
> > https://tools.ietf.org/html/draft-ietf-quic-tls-16
> > https://tools.ietf.org/html/draft-ietf-quic-recovery-16
> > 
> > There seems to be an effort to have the next major HTTP version be
> > based on QUIC, at least if this blog is any indication:
> > 
> > https://daniel.haxx.se/blog/2018/11/11/http-3/
> > 
> > So the question is, should we start taking a closer look?  Last time,
> > it seems like the discussions were cautiously positive, but never
> > reached a conclusion.
> > 
> > Thoughts?  Anyone feeling enthusiastic and want to do something?
> > 
> > Cheers,
> > Richard
> > 
> > -- 
> > Richard Levitte         levi...@openssl.org
> > OpenSSL Project         http://www.openssl.org/~levitte/
> > 
> _______________________________________________
> openssl-project mailing list
> openssl-project@openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Reply via email to