> On 7 Jan 2021, at 07.54, Benjamin Kaduk <[email protected]> wrote:
>
> Do we have any reason to believe that non-standards-track versions
> will or will not intend to coexist with v1? I, at least, do not have any
> data on that question either way. I think this relates to my (3) above --
> are we assuming that the problem of downgrade protection only becomes
> relevant when there is specifically an IETF v2?

There is probably no information available at this point, but given how easy it is to deploy a new QUIC version, it is likely that several non-standard versions will emerge. Some variability can happen within v1 using extension frames but, for example, crypto will require a new version. TLS 1.3 is not suitable for very resource constrained devices so it is likely that optimized protocols will emerge either as a standard or out of necessity. Another example could be space communication with network characteristics beyond what is practical in v1, and this isn’t that far out given that a mobile network has already been contracted for a moon base.

Even so, the overarching concern was that producing a broken version negotiation protocol would be far worse than not providing one as long as there is only one version. This would also allow for practical experiments - keeping in mind that at the time, various prototype implementations were rather rudimentary. There were other more pressing concerns such as connection migration that had to be done right in v1. Getting everything right would risk never getting anything done.

So ideally version negotiation should be ready for v1 but realistically, it is not a critical facility as long as there is only one version. Thus, anyone releasing other versions while there is no standardized negotiation protocol would necessarily not be able to safely interoperate with other versions in general, but they would be able to detect multiple client versions and decide to accept or reject a connection.

We have also historically seen downgrade attacks in critical infrastructure such as TLS, so version negotiation should not be taken lightly. Again, no negotiation is better than bad negotiation.

Mikkel
