Plain-text communication was an explicit anti-goal in the design of QUIC. That said, there was a QUIC extension that disables encryption after the handshake, but it never moved past a -00 version, and it expired a long time ago: https://datatracker.ietf.org/doc/html/draft-banks-quic-disable-encryption

> The second is slight concern that what became of TLS 1.0, 1.1, and 1.2 will become of 1.3. How will QUIC be updated to TLS1.3's successor? Lucas hinted that it's possible to swap out TLS. The answer to this concern is no doubt in the documentation you've worked on.

That depends on the shape of the TLS 1.3 successor. It might be possible that this version can be negotiated on the TLS layer, and no changes to the QUIC integration are needed at all. Or it might require changes to the API between the TLS and the QUIC stack, in that case, we'd need to define a new QUIC version. QUIC has a built-in version negotiation mechanism that will make this transition possible in internet-wide deployments.

On Tue, 23 Jan 2024 at 03:41, Nicholas Warren <[email protected]> wrote:

> My curiosity stems from two parts. The first is that QUIC, except mandatory TLS, seems to be the most attractive "out of the box" transportation protocol for a personal group project (vs. TCP, UDP, and SCTP). Our desire for plain-text communication is because we need to watch the communication.
>
> The second is slight concern that what became of TLS 1.0, 1.1, and 1.2 will become of 1.3. How will QUIC be updated to TLS1.3's successor? Lucas hinted that it's possible to swap out TLS. The answer to this concern is no doubt in the documentation you've worked on.
>
> Personally, I think mandatory TLS will be fantastic for internet traffic. I will be watching Martin Thomson's overview, thank you.
>
> -----Original Message-----
> From: Matt Joras <[email protected]>
> Sent: Monday, January 22, 2024 12:31 PM
> To: Nick Harper <[email protected]>
> Cc: Nicholas Warren <[email protected]>; [email protected]
> Subject: Re: Historic TLS Discussion
>
> (no hats on)
>
> What Nick says matches my understanding. Nicholas, could you elaborate why you're asking? I.e. are you curious _why_ QUIC mandates TLS 1.3, instead of something else, or leaving open the door more explicitly for something else?
>
> On Mon, Jan 22, 2024 at 10:25 AM Nick Harper <[email protected]> wrote:
> >
> > That discussion would've happened during the WG formation. That QUIC uses TLS has been in the WG charter since the first draft that I see on the datatracker, and the original approved charter calls out a key goal of "Providing always-secure transport, using TLS 1.3 by default."
> >
> > On Mon, Jan 22, 2024 at 10:12 AM Nicholas Warren <[email protected]> wrote:
> >>
> >> Hello quic wg.
> >>
> >> I am curious about how quic seemingly mandates usage of TLS (rfc9000 section 5); albeit I have not completely read quic-tls.
> >>
> >> Does anyone remember when you all discussed this? I was hoping to go back and read the archived list from when the discussion had taken place.
> >>
> >> Thanks,
> >>
> >> Nich Warren
