From b0b586f5588fa2b46eb9efeb1b7e402d260f1f6d Mon Sep 17 00:00:00 2001 From: Ben Schwartz Date: Thu, 26 Oct 2023 12:54:53 -0400 Subject: [PATCH 1/2] Note that the QUIC bit cannot be used with forwarding mode --- draft-ietf-masque-quic-proxy.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/draft-ietf-masque-quic-proxy.md b/draft-ietf-masque-quic-proxy.md index c08ee56..f39331e 100644 --- a/draft-ietf-masque-quic-proxy.md +++ b/draft-ietf-masque-quic-proxy.md @@ -734,6 +734,21 @@ headers does not apply. A proxy MAY additionally add ECN markings to signal congestion being experienced on the proxy itself. +## QUIC Version Independence + +When forwarding mode is enabled, the client and target MAY negotiate any QUIC +version, and MAY send packets of that version through the forwarding path. +The proxy does not know what version they are using, so it can only require that +these packets conform to the QUIC invariants for short-header packets +({{?RFC8999}}, Section 5.2). + +QUIC version 1 specifies a Fixed Bit (a.k.a. the "QUIC bit") with a fixed value +to support sharing a 5-tuple with other protocols such as DTLS, but the QUIC +invariants do not guarantee the value of this bit. Accordingly proxies with +forwarding mode enabled MUST NOT rely on this bit for protocol identification, +and SHOULD send and accept the `grease_quic_bit` transport parameter +{{?GREASE-QUIC-BIT=RFC9297}} to avoid ossification of the forwarding mode path. + # Example Consider a client that is establishing a new QUIC connection through the proxy. From 53095bd2b761daa9e430152c7c6ffe2e5286a788 Mon Sep 17 00:00:00 2001 From: Ben Schwartz Date: Thu, 26 Oct 2023 13:21:54 -0400 Subject: [PATCH 2/2] Change reference label --- draft-ietf-masque-quic-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-masque-quic-proxy.md b/draft-ietf-masque-quic-proxy.md index f39331e..ada98a3 100644 --- a/draft-ietf-masque-quic-proxy.md 
+++ b/draft-ietf-masque-quic-proxy.md @@ -747,7 +747,7 @@ to support sharing a 5-tuple with other protocols such as DTLS, but the QUIC invariants do not guarantee the value of this bit. Accordingly proxies with forwarding mode enabled MUST NOT rely on this bit for protocol identification, and SHOULD send and accept the `grease_quic_bit` transport parameter -{{?GREASE-QUIC-BIT=RFC9297}} to avoid ossification of the forwarding mode path. +{{?QUIC-GREASE=RFC9297}} to avoid ossification of the forwarding mode path. # Example
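Review bot: The closing SHOULD in the new "QUIC Version Independence" section (patch 1/2) does not say on which connection a proxy is expected to "send and accept the `grease_quic_bit` transport parameter". The first paragraph of the same section states that the proxy does not know which version the client and target are using, so it is not an endpoint of their handshake, and a transport parameter can only be sent by an endpoint of the connection it applies to. If the intent is the proxy's own QUIC connection with the client, whose 5-tuple the forwarded packets share, say so explicitly (for example "on its own QUIC connections"). If the intent is that client and target grease end to end, the requirement belongs on those endpoints rather than on the proxy. A comma after "Accordingly" would also help the sentence read.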
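Review bot: The renamed reference in patch 2/2 still targets RFC9297, which is "HTTP Datagrams and the Capsule Protocol"; the `grease_quic_bit` transport parameter is defined in RFC 9287 ("Greasing the QUIC Bit"). Since this line is being changed anyway, make it `{{?QUIC-GREASE=RFC9287}}` so the citation resolves to the document that specifies the parameter.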