| rfc8999.original.xml | rfc8999.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | |||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.3.18 --> | -ietf-quic-invariants-13" category="std" consensus="true" number="8999" obsolete | |||
| <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> | s="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs=" | |||
| <?rfc toc="yes"?> | true" symRefs="true" version="3"> | |||
| <?rfc sortrefs="yes"?> | <link href="https://datatracker.ietf.org/doc/draft-ietf-quic-invariants-13" re | |||
| <?rfc symrefs="yes"?> | l="prev"/> | |||
| <?rfc docmapping="yes"?> | ||||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | ||||
| -ietf-quic-invariants-13" category="std" obsoletes="" updates="" submissionType= | ||||
| "IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3 | ||||
| "> | ||||
| <!-- xml2rfc v2v3 conversion 3.5.0 --> | ||||
| <front> | <front> | |||
| <title abbrev="QUIC Invariants">Version-Independent Properties of QUIC</titl e> | <title abbrev="QUIC Invariants">Version-Independent Properties of QUIC</titl e> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-quic-invariants-13"/> | <seriesInfo name="RFC" value="8999"/> | |||
| <author initials="M." surname="Thomson" fullname="Martin Thomson"> | <author initials="M." surname="Thomson" fullname="Martin Thomson"> | |||
| <organization>Mozilla</organization> | <organization>Mozilla</organization> | |||
| <address> | <address> | |||
| <email>mt@lowentropy.net</email> | <email>mt@lowentropy.net</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2021" month="January" day="15"/> | <date year="2021" month="May"/> | |||
| <area>Transport</area> | <area>Transport</area> | |||
| <workgroup>QUIC</workgroup> | <workgroup>QUIC</workgroup> | |||
| <keyword>crypto</keyword> | ||||
| <keyword>next generation</keyword> | ||||
| <keyword>protocol</keyword> | ||||
| <keyword>secure</keyword> | ||||
| <keyword>transport</keyword> | ||||
| <keyword>UDP</keyword> | ||||
| <keyword>invariants</keyword> | ||||
| <abstract> | <abstract> | |||
| <t>This document defines the properties of the QUIC transport protocol tha t are | <t>This document defines the properties of the QUIC transport protocol tha t are | |||
| common to all versions of the protocol.</t> | common to all versions of the protocol.</t> | |||
| </abstract> | </abstract> | |||
| <note> | ||||
| <name>Note to Readers</name> | ||||
| <t>Discussion of this draft takes place on the QUIC working group mailing | ||||
| list | ||||
| (<eref target="mailto:quic@ietf.org">quic@ietf.org</eref>), which is archived at | ||||
| <eref target="https://mailarchive.ietf.org/arch/search/?email_list=quic"/>.</t> | ||||
| <t>Working Group information can be found at <eref target="https://github. | ||||
| com/quicwg"/>; source | ||||
| code and issues list for this draft can be found at | ||||
| <eref target="https://github.com/quicwg/base-drafts/labels/-invariants"/>.</t> | ||||
| </note> | ||||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="an-extremely-abstract-description-of-quic" numbered="true" toc="default"> | <section anchor="an-extremely-abstract-description-of-quic" numbered="true" toc="default"> | |||
| <name>An Extremely Abstract Description of QUIC</name> | <name>An Extremely Abstract Description of QUIC</name> | |||
| <t>QUIC is a connection-oriented protocol between two endpoints. Those en dpoints | <t>QUIC is a connection-oriented protocol between two endpoints. Those en dpoints | |||
| exchange UDP datagrams. These UDP datagrams contain QUIC packets. QUIC | exchange UDP datagrams. These UDP datagrams contain QUIC packets. QUIC | |||
| endpoints use QUIC packets to establish a QUIC connection, which is shared | endpoints use QUIC packets to establish a QUIC connection, which is shared | |||
| protocol state between those endpoints.</t> | protocol state between those endpoints.</t> | |||
| </section> | </section> | |||
| <section anchor="fixed-properties-of-all-quic-versions" numbered="true" toc= "default"> | <section anchor="fixed-properties-of-all-quic-versions" numbered="true" toc= "default"> | |||
| <name>Fixed Properties of All QUIC Versions</name> | <name>Fixed Properties of All QUIC Versions</name> | |||
| <t>In addition to providing secure, multiplexed transport, QUIC <xref targ et="QUIC-TRANSPORT" format="default"/> | <t>In addition to providing secure, multiplexed transport, QUIC <xref targ et="QUIC-TRANSPORT" format="default"/> | |||
| allows for the option to negotiate a version. This allows the protocol to | allows for the option to negotiate a version. This allows the protocol to | |||
| change over time in response to new requirements. Many characteristics of the | change over time in response to new requirements. Many characteristics of the | |||
| protocol could change between versions.</t> | protocol could change between versions.</t> | |||
| <t>This document describes the subset of QUIC that is intended to remain s table as | <t>This document describes the subset of QUIC that is intended to remain s table as | |||
| new versions are developed and deployed. All of these invariants are | new versions are developed and deployed. All of these invariants are | |||
| IP-version-independent.</t> | independent of the IP version.</t> | |||
| <t>The primary goal of this document is to ensure that it is possible to d eploy new | <t>The primary goal of this document is to ensure that it is possible to d eploy new | |||
| versions of QUIC. By documenting the properties that cannot change, this | versions of QUIC. By documenting the properties that cannot change, this | |||
| document aims to preserve the ability for QUIC endpoints to negotiate changes to | document aims to preserve the ability for QUIC endpoints to negotiate changes to | |||
| any other aspect of the protocol. As a consequence, this also guarantees a | any other aspect of the protocol. As a consequence, this also guarantees a | |||
| minimal amount of information that is made available to entities other than | minimal amount of information that is made available to entities other than | |||
| endpoints. Unless specifically prohibited in this document, any aspect of the | endpoints. Unless specifically prohibited in this document, any aspect of the | |||
| protocol can change between different versions.</t> | protocol can change between different versions.</t> | |||
| <t><xref target="bad-assumptions" format="default"/> contains a non-exhaus tive list of some incorrect assumptions | <t><xref target="bad-assumptions" format="default"/> contains a non-exhaus tive list of some incorrect assumptions | |||
| that might be made based on knowledge of QUIC version 1; these do not apply to | that might be made based on knowledge of QUIC version 1; these do not apply to | |||
| every version of QUIC.</t> | every version of QUIC.</t> | |||
| </section> | </section> | |||
| <section anchor="conventions-and-definitions" numbered="true" toc="default"> | <section anchor="conventions-and-definitions" numbered="true" toc="default"> | |||
| <name>Conventions and Definitions</name> | <name>Conventions and Definitions</name> | |||
| <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL | <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14 | |||
| NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", | >REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14> | |||
| "MAY", and "OPTIONAL" in this document are to be interpreted as | SHOULD</bcp14>", | |||
| described in BCP 14 <xref target="RFC2119" format="default"/> <xref target= | "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMEND | |||
| "RFC8174" format="default"/> when, and only when, they | ED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this | |||
| appear in all capitals, as shown here.</t> | document are to be interpreted as described in BCP 14 <xref target="RFC2119" for | |||
| mat="default"/> <xref target="RFC8174" format="default"/> | ||||
| when, and only when, they appear in all capitals, as shown here.</t> | ||||
| <t>This document defines requirements on future QUIC versions, even where normative | <t>This document defines requirements on future QUIC versions, even where normative | |||
| language is not used.</t> | language is not used.</t> | |||
| <t>This document uses terms and notational conventions from <xref target=" QUIC-TRANSPORT" format="default"/>.</t> | <t>This document uses terms and notational conventions from <xref target=" QUIC-TRANSPORT" format="default"/>.</t> | |||
| </section> | </section> | |||
| <section anchor="notational-conventions" numbered="true" toc="default"> | <section anchor="notational-conventions" numbered="true" toc="default"> | |||
| <name>Notational Conventions</name> | <name>Notational Conventions</name> | |||
| <t>The format of packets is described using the notation defined in this s ection. | <t>The format of packets is described using the notation defined in this s ection. | |||
| This notation is the same as that used in <xref target="QUIC-TRANSPORT" format=" default"/>.</t> | This notation is the same as that used in <xref target="QUIC-TRANSPORT" format=" default"/>.</t> | |||
| <t>Complex fields are named and then followed by a list of fields surround ed by a | <t>Complex fields are named and then followed by a list of fields surround ed by a | |||
| pair of matching braces. Each field in this list is separated by commas.</t> | pair of matching braces. Each field in this list is separated by commas.</t> | |||
| <t>Individual fields include length information, plus indications about fi xed | <t>Individual fields include length information, plus indications about fi xed | |||
| value, optionality, or repetitions. Individual fields use the following | value, optionality, or repetitions. Individual fields use the following | |||
| notational conventions, with all lengths in bits:</t> | notational conventions, with all lengths in bits:</t> | |||
| <dl> | <dl> | |||
| <dt> | <dt>x (A):</dt> | |||
| x (A): </dt> | ||||
| <dd> | <dd> | |||
| <t>Indicates that x is A bits long</t> | <t>Indicates that x is A bits long</t> | |||
| </dd> | </dd> | |||
| <dt> | <dt>x (A..B):</dt> | |||
| x (A..B): </dt> | ||||
| <dd> | <dd> | |||
| <t>Indicates that x can be any length from A to B; A can be omitted to indicate | <t>Indicates that x can be any length from A to B; A can be omitted to indicate | |||
| a minimum of zero bits and B can be omitted to indicate no set upper limit; | a minimum of zero bits, and B can be omitted to indicate no set upper limit; | |||
| values in this format always end on an byte boundary</t> | values in this format always end on a byte boundary</t> | |||
| </dd> | </dd> | |||
| <dt> | <dt>x (L) = C:</dt> | |||
| x (L) = C: </dt> | ||||
| <dd> | <dd> | |||
| <t>Indicates that x, with a length described by L, has a fixed value o | <t>Indicates that x has a fixed value of C; the length of x is describ | |||
| f C</t> | ed by | |||
| L, which can use any of the length forms above</t> | ||||
| </dd> | </dd> | |||
| <dt> | <dt>x (L) ...:</dt> | |||
| x (L) ...: </dt> | ||||
| <dd> | <dd> | |||
| <t>Indicates that x is repeated zero or more times (and that each inst | <t>Indicates that x is repeated zero or more times and that each insta | |||
| ance is | nce has a | |||
| length L)</t> | length of L</t> | |||
| </dd> | </dd> | |||
| </dl> | </dl> | |||
| <t>This document uses network byte order (that is, big endian) values. Fi elds | <t>This document uses network byte order (that is, big endian) values. Fi elds | |||
| are placed starting from the high-order bits of each byte.</t> | are placed starting from the high-order bits of each byte.</t> | |||
| <t><xref target="fig-ex-format" format="default"/> shows an example struct ure:</t> | <t><xref target="fig-ex-format" format="default"/> shows an example struct ure:</t> | |||
| <figure anchor="fig-ex-format"> | <figure anchor="fig-ex-format"> | |||
| <name>Example Format</name> | <name>Example Format</name> | |||
| <artwork name="" type="" align="left" alt=""><![CDATA[ | <artwork name="" type="" align="left" alt=""><![CDATA[ | |||
| Example Structure { | Example Structure { | |||
| One-bit Field (1), | One-bit Field (1), | |||
| skipping to change at line 132 ¶ | skipping to change at line 119 ¶ | |||
| } | } | |||
| ]]></artwork> | ]]></artwork> | |||
| </figure> | </figure> | |||
| </section> | </section> | |||
| <section anchor="quic-packets" numbered="true" toc="default"> | <section anchor="quic-packets" numbered="true" toc="default"> | |||
| <name>QUIC Packets</name> | <name>QUIC Packets</name> | |||
| <t>QUIC endpoints exchange UDP datagrams that contain one or more QUIC pac kets. | <t>QUIC endpoints exchange UDP datagrams that contain one or more QUIC pac kets. | |||
| This section describes the invariant characteristics of a QUIC packet. A | This section describes the invariant characteristics of a QUIC packet. A | |||
| version of QUIC could permit multiple QUIC packets in a single UDP datagram, but | version of QUIC could permit multiple QUIC packets in a single UDP datagram, but | |||
| the invariant properties only describe the first packet in a datagram.</t> | the invariant properties only describe the first packet in a datagram.</t> | |||
| <t>QUIC defines two types of packet header: long and short. Packets with | <t>QUIC defines two types of packet headers: long and short. Packets with | |||
| long | a long | |||
| headers are identified by the most significant bit of the first byte being set; | header are identified by the most significant bit of the first byte being set; | |||
| packets with a short header have that bit cleared.</t> | packets with a short header have that bit cleared.</t> | |||
| <t>QUIC packets might be integrity protected, including the header. Howev er, QUIC | <t>QUIC packets might be integrity protected, including the header. Howev er, QUIC | |||
| Version Negotiation packets are not integrity protected; see <xref target="vn" f ormat="default"/>.</t> | Version Negotiation packets are not integrity protected; see <xref target="vn" f ormat="default"/>.</t> | |||
| <t>Aside from the values described here, the payload of QUIC packets is | <t>Aside from the values described here, the payload of QUIC packets is | |||
| version-specific and of arbitrary length.</t> | version specific and of arbitrary length.</t> | |||
| <section anchor="long-header" numbered="true" toc="default"> | <section anchor="long-header" numbered="true" toc="default"> | |||
| <name>Long Header</name> | <name>Long Header</name> | |||
| <t>Long headers take the form described in <xref target="fig-long" forma t="default"/>.</t> | <t>Long headers take the form described in <xref target="fig-long" forma t="default"/>.</t> | |||
| <figure anchor="fig-long"> | <figure anchor="fig-long"> | |||
| <name>QUIC Long Header</name> | <name>QUIC Long Header</name> | |||
| <artwork name="" type="" align="left" alt=""><![CDATA[ | <artwork name="" type="" align="left" alt=""><![CDATA[ | |||
| Long Header Packet { | Long Header Packet { | |||
| Header Form (1) = 1, | Header Form (1) = 1, | |||
| Version-Specific Bits (7), | Version-Specific Bits (7), | |||
| Version (32), | Version (32), | |||
| skipping to change at line 189 ¶ | skipping to change at line 176 ¶ | |||
| Header Form (1) = 0, | Header Form (1) = 0, | |||
| Version-Specific Bits (7), | Version-Specific Bits (7), | |||
| Destination Connection ID (..), | Destination Connection ID (..), | |||
| Version-Specific Data (..), | Version-Specific Data (..), | |||
| } | } | |||
| ]]></artwork> | ]]></artwork> | |||
| </figure> | </figure> | |||
| <t>A QUIC packet with a short header has the high bit of the first byte set to 0.</t> | <t>A QUIC packet with a short header has the high bit of the first byte set to 0.</t> | |||
| <t>A QUIC packet with a short header includes a Destination Connection I D | <t>A QUIC packet with a short header includes a Destination Connection I D | |||
| immediately following the first byte. The short header does not include the | immediately following the first byte. The short header does not include the | |||
| Connection ID Lengths, Source Connection ID, or Version fields. The length of | Destination Connection ID Length, Source Connection ID Length, Source Connection | |||
| the Destination Connection ID is not encoded in packets with a short header | ID, or Version fields. The length of the Destination Connection ID is not | |||
| and is not constrained by this specification.</t> | encoded in packets with a short header and is not constrained by this | |||
| specification.</t> | ||||
| <t>The remainder of the packet has version-specific semantics.</t> | <t>The remainder of the packet has version-specific semantics.</t> | |||
| </section> | </section> | |||
| <section anchor="connection-id" numbered="true" toc="default"> | <section anchor="connection-id" numbered="true" toc="default"> | |||
| <name>Connection ID</name> | <name>Connection ID</name> | |||
| <t>A connection ID is an opaque field of arbitrary length.</t> | <t>A connection ID is an opaque field of arbitrary length.</t> | |||
| <t>The primary function of a connection ID is to ensure that changes in addressing | <t>The primary function of a connection ID is to ensure that changes in addressing | |||
| at lower protocol layers (UDP, IP, and below) do not cause packets for a QUIC | at lower protocol layers (UDP, IP, and below) do not cause packets for a QUIC | |||
| connection to be delivered to the wrong QUIC endpoint. The connection ID | connection to be delivered to the wrong QUIC endpoint. The connection ID | |||
| is used by endpoints and the intermediaries that support them to ensure that | is used by endpoints and the intermediaries that support them to ensure that | |||
| each QUIC packet can be delivered to the correct instance of an endpoint. At | each QUIC packet can be delivered to the correct instance of an endpoint. At | |||
| the endpoint, the connection ID is used to identify the QUIC connection for | the endpoint, the connection ID is used to identify the QUIC connection for | |||
| which the packet is intended.</t> | which the packet is intended.</t> | |||
| <t>The connection ID is chosen by each endpoint using version-specific m ethods. | <t>The connection ID is chosen by each endpoint using version-specific m ethods. | |||
| Packets for the same QUIC connection might use different connection ID values.</ t> | Packets for the same QUIC connection might use different connection ID values.</ t> | |||
| </section> | </section> | |||
| <section anchor="version" numbered="true" toc="default"> | <section anchor="version" numbered="true" toc="default"> | |||
| <name>Version</name> | <name>Version</name> | |||
| <t>The Version field contains a 4-byte identifier. This value can be us ed by | <t>The Version field contains a 4-byte identifier. This value can be us ed by | |||
| endpoints to identify a QUIC Version. A Version field with a value of | endpoints to identify a QUIC version. A Version field with a value of | |||
| 0x00000000 is reserved for version negotiation; see <xref target="vn" format="de fault"/>. All other values | 0x00000000 is reserved for version negotiation; see <xref target="vn" format="de fault"/>. All other values | |||
| are potentially valid.</t> | are potentially valid.</t> | |||
| <t>The properties described in this document apply to all versions of QU IC. A | <t>The properties described in this document apply to all versions of QU IC. A | |||
| protocol that does not conform to the properties described in this document is | protocol that does not conform to the properties described in this document is | |||
| not QUIC. Future documents might describe additional properties that apply to | not QUIC. Future documents might describe additional properties that apply to | |||
| a specific QUIC version, or to a range of QUIC versions.</t> | a specific QUIC version or to a range of QUIC versions.</t> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="vn" numbered="true" toc="default"> | <section anchor="vn" numbered="true" toc="default"> | |||
| <name>Version Negotiation</name> | <name>Version Negotiation</name> | |||
| <t>A QUIC endpoint that receives a packet with a long header and a version it | <t>A QUIC endpoint that receives a packet with a long header and a version it | |||
| either does not understand or does not support might send a Version Negotiation | either does not understand or does not support might send a Version Negotiation | |||
| packet in response. Packets with a short header do not trigger version | packet in response. Packets with a short header do not trigger version | |||
| negotiation.</t> | negotiation.</t> | |||
| <t>A Version Negotiation packet sets the high bit of the first byte, and t hus it | <t>A Version Negotiation packet sets the high bit of the first byte, and t hus it | |||
| conforms with the format of a packet with a long header as defined in | conforms with the format of a packet with a long header as defined in | |||
| skipping to change at line 245 ¶ | skipping to change at line 233 ¶ | |||
| Version (32) = 0, | Version (32) = 0, | |||
| Destination Connection ID Length (8), | Destination Connection ID Length (8), | |||
| Destination Connection ID (0..2040), | Destination Connection ID (0..2040), | |||
| Source Connection ID Length (8), | Source Connection ID Length (8), | |||
| Source Connection ID (0..2040), | Source Connection ID (0..2040), | |||
| Supported Version (32) ..., | Supported Version (32) ..., | |||
| } | } | |||
| ]]></artwork> | ]]></artwork> | |||
| </figure> | </figure> | |||
| <t>Only the most significant bit of the first byte of a Version Negotiatio n packet | <t>Only the most significant bit of the first byte of a Version Negotiatio n packet | |||
| has any defined value. The remaining 7 bits, labeled Unused, can be set to any | has any defined value. The remaining 7 bits, labeled "Unused", can be set to | |||
| value when sending and MUST be ignored on receipt.</t> | any value when sending and <bcp14>MUST</bcp14> be ignored on receipt.</t> | |||
| <t>After the Source Connection ID field, the Version Negotiation packet co ntains a | <t>After the Source Connection ID field, the Version Negotiation packet co ntains a | |||
| list of Supported Version fields, each identifying a version that the endpoint | list of Supported Version fields, each identifying a version that the endpoint | |||
| sending the packet supports. A Version Negotiation packet contains no other | sending the packet supports. A Version Negotiation packet contains no other | |||
| fields. An endpoint MUST ignore a packet that contains no Supported Version | fields. An endpoint <bcp14>MUST</bcp14> ignore a packet that contains no Suppor | |||
| fields, or a truncated Supported Version.</t> | ted Version | |||
| fields or contains a truncated Supported Version value.</t> | ||||
| <t>Version Negotiation packets do not use integrity or confidentiality pro tection. | <t>Version Negotiation packets do not use integrity or confidentiality pro tection. | |||
| Specific QUIC versions might include protocol elements that allow endpoints to | Specific QUIC versions might include protocol elements that allow endpoints to | |||
| detect modification or corruption in the set of supported versions.</t> | detect modification or corruption in the set of supported versions.</t> | |||
| <t>An endpoint MUST include the value from the Source Connection ID field | <t>An endpoint <bcp14>MUST</bcp14> include the value from the Source Conne | |||
| of the | ction ID field of the | |||
| packet it receives in the Destination Connection ID field. The value for Source | packet it receives in the Destination Connection ID field. The value for the | |||
| Connection ID MUST be copied from the Destination Connection ID of the received | Source Connection ID field <bcp14>MUST</bcp14> be copied from the Destination Co | |||
| packet, which is initially randomly selected by a client. Echoing both | nnection ID | |||
| connection IDs gives clients some assurance that the server received the packet | field of the received packet, which is initially randomly selected by a client. | |||
| and that the Version Negotiation packet was not generated by an attacker that is | Echoing both connection IDs gives clients some assurance that the server | |||
| unable to observe packets.</t> | received the packet and that the Version Negotiation packet was not generated by | |||
| an attacker that is unable to observe packets.</t> | ||||
| <t>An endpoint that receives a Version Negotiation packet might change the version | <t>An endpoint that receives a Version Negotiation packet might change the version | |||
| that it decides to use for subsequent packets. The conditions under which an | that it decides to use for subsequent packets. The conditions under which an | |||
| endpoint changes QUIC version will depend on the version of QUIC that it | endpoint changes its QUIC version will depend on the version of QUIC that it | |||
| chooses.</t> | chooses.</t> | |||
| <t>See <xref target="QUIC-TRANSPORT" format="default"/> for a more thoroug h description of how an endpoint that | <t>See <xref target="QUIC-TRANSPORT" format="default"/> for a more thoroug h description of how an endpoint that | |||
| supports QUIC version 1 generates and consumes a Version Negotiation packet.</t> | supports QUIC version 1 generates and consumes a Version Negotiation packet.</t> | |||
| </section> | </section> | |||
| <section anchor="security-and-privacy-considerations" numbered="true" toc="d efault"> | <section anchor="security-and-privacy-considerations" numbered="true" toc="d efault"> | |||
| <name>Security and Privacy Considerations</name> | <name>Security and Privacy Considerations</name> | |||
| <t>It is possible that middleboxes could observe traits of a specific vers ion of | <t>It is possible that middleboxes could observe traits of a specific vers ion of | |||
| QUIC and assume that when other versions of QUIC exhibit similar traits the same | QUIC and assume that when other versions of QUIC exhibit similar traits the same | |||
| underlying semantic is being expressed. There are potentially many such traits; | underlying semantic is being expressed. There are potentially many such traits; | |||
| see <xref target="bad-assumptions" format="default"/>. Some effort has been mad e to either eliminate or | see <xref target="bad-assumptions" format="default"/>. Some effort has been mad e to either eliminate or | |||
| obscure some observable traits in QUIC version 1, but many of these remain. | obscure some observable traits in QUIC version 1, but many of these remain. | |||
| Other QUIC versions might make different design decisions and so exhibit | Other QUIC versions might make different design decisions and so exhibit | |||
| different traits.</t> | different traits.</t> | |||
| <t>The QUIC version number does not appear in all QUIC packets, which mean s that | <t>The QUIC version number does not appear in all QUIC packets, which mean s that | |||
| reliably extracting information from a flow based on version-specific traits | reliably extracting information from a flow based on version-specific traits | |||
| requires that middleboxes retain state for every connection ID they see.</t> | requires that middleboxes retain state for every connection ID they see.</t> | |||
| <t>The Version Negotiation packet described in this document is not | <t>The Version Negotiation packet described in this document is not | |||
| integrity-protected; it only has modest protection against insertion by | integrity protected; it only has modest protection against insertion by | |||
| attackers. An endpoint MUST authenticate the semantic content of a Version | attackers. An endpoint <bcp14>MUST</bcp14> authenticate the semantic content of | |||
| a Version | ||||
| Negotiation packet if it attempts a different QUIC version as a result.</t> | Negotiation packet if it attempts a different QUIC version as a result.</t> | |||
| </section> | </section> | |||
| <section anchor="iana-considerations" numbered="true" toc="default"> | ||||
| <name>IANA Considerations</name> | ||||
| <t>This document makes no request of IANA.</t> | ||||
| </section> | ||||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references> | <references> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2 119"> | <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2 119"> | |||
| <front> | <front> | |||
| <title>Key words for use in RFCs to Indicate Requirement Levels</tit le> | <title>Key words for use in RFCs to Indicate Requirement Levels</tit le> | |||
| <author initials="S." surname="Bradner" fullname="S. Bradner"> | <author fullname="S. Bradner" initials="S." surname="Bradner"> | |||
| <organization/> | <organization/> | |||
| </author> | </author> | |||
| <date year="1997" month="March"/> | <date month="March" year="1997"/> | |||
| <abstract> | <abstract> | |||
| <t>In many standards track documents several words are used to sig nify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF document s. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> | <t>In many standards track documents several words are used to sig nify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF document s. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <seriesInfo name="BCP" value="14"/> | <seriesInfo name="BCP" value="14"/> | |||
| <seriesInfo name="RFC" value="2119"/> | <seriesInfo name="RFC" value="2119"/> | |||
| <seriesInfo name="DOI" value="10.17487/RFC2119"/> | <seriesInfo name="DOI" value="10.17487/RFC2119"/> | |||
| </reference> | </reference> | |||
| <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 174"> | <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 174"> | |||
| <front> | <front> | |||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti tle> | <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti tle> | |||
| <author initials="B." surname="Leiba" fullname="B. Leiba"> | <author fullname="B. Leiba" initials="B." surname="Leiba"> | |||
| <organization/> | <organization/> | |||
| </author> | </author> | |||
| <date year="2017" month="May"/> | <date month="May" year="2017"/> | |||
| <abstract> | <abstract> | |||
| <t>RFC 2119 specifies common key words that may be used in protoco l specifications. This document aims to reduce the ambiguity by clarifying tha t only UPPERCASE usage of the key words have the defined special meanings.</t> | <t>RFC 2119 specifies common key words that may be used in protoco l specifications. This document aims to reduce the ambiguity by clarifying tha t only UPPERCASE usage of the key words have the defined special meanings.</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <seriesInfo name="BCP" value="14"/> | <seriesInfo name="BCP" value="14"/> | |||
| <seriesInfo name="RFC" value="8174"/> | <seriesInfo name="RFC" value="8174"/> | |||
| <seriesInfo name="DOI" value="10.17487/RFC8174"/> | <seriesInfo name="DOI" value="10.17487/RFC8174"/> | |||
| </reference> | </reference> | |||
| </references> | </references> | |||
| <references> | <references> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="QUIC-TRANSPORT"> | <reference anchor="QUIC-TRANSPORT" target="https://www.rfc-editor.org/in fo/rfc9000"> | |||
| <front> | <front> | |||
| <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title> | <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title> | |||
| <author initials="J." surname="Iyengar" fullname="Jana Iyengar" role ="editor"> | <author initials="J." surname="Iyengar" fullname="Jana Iyengar" role ="editor"> | |||
| <organization>Google</organization> | <organization>Google</organization> | |||
| </author> | </author> | |||
| <author initials="M." surname="Thomson" fullname="Martin Thomson" ro le="editor"> | <author initials="M." surname="Thomson" fullname="Martin Thomson" ro le="editor"> | |||
| <organization>Mozilla</organization> | <organization>Mozilla</organization> | |||
| </author> | </author> | |||
| <date year="2021" month="January" day="15"/> | <date year="2021" month="May"/> | |||
| </front> | </front> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-quic-transport-34" | <seriesInfo name="RFC" value="9000"/> | |||
| /> | <seriesInfo name="DOI" value="10.17487/RFC9000"/> | |||
| </reference> | </reference> | |||
| <reference anchor="QUIC-TLS"> | <reference anchor="QUIC-TLS" target="https://www.rfc-editor.org/info/rfc 9001"> | |||
| <front> | <front> | |||
| <title>Using Transport Layer Security (TLS) to Secure QUIC</title> | <title>Using TLS to Secure QUIC</title> | |||
| <author initials="M." surname="Thomson" fullname="Martin Thomson" ro le="editor"> | <author initials="M." surname="Thomson" fullname="Martin Thomson" ro le="editor"> | |||
| <organization>Mozilla</organization> | <organization>Mozilla</organization> | |||
| </author> | </author> | |||
| <author initials="S." surname="Turner" fullname="Sean Turner" role=" editor"> | <author initials="S." surname="Turner" fullname="Sean Turner" role=" editor"> | |||
| <organization>sn3rd</organization> | <organization>sn3rd</organization> | |||
| </author> | </author> | |||
| <date year="2021" month="January" day="15"/> | <date year="2021" month="May"/> | |||
| </front> | </front> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-quic-tls-33"/> | <seriesInfo name="RFC" value="9001"/> | |||
| <seriesInfo name="DOI" value="10.17487/RFC9001"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="RFC5116" target="https://www.rfc-editor.org/info/rfc5 116"> | <reference anchor="RFC5116" target="https://www.rfc-editor.org/info/rfc5 116"> | |||
| <front> | <front> | |||
| <title>An Interface and Algorithms for Authenticated Encryption</tit le> | <title>An Interface and Algorithms for Authenticated Encryption</tit le> | |||
| <author initials="D." surname="McGrew" fullname="D. McGrew"> | <author fullname="D. McGrew" initials="D." surname="McGrew"> | |||
| <organization/> | <organization/> | |||
| </author> | </author> | |||
| <date year="2008" month="January"/> | <date month="January" year="2008"/> | |||
| <abstract> | <abstract> | |||
| <t>This document defines algorithms for Authenticated Encryption w ith Associated Data (AEAD), and defines a uniform interface and a registry for s uch algorithms. The interface and registry can be used as an application-indepe ndent set of cryptoalgorithm suites. This approach provides advantages in effic iency and security, and promotes the reuse of crypto implementations. [STANDARD S-TRACK]</t> | <t>This document defines algorithms for Authenticated Encryption w ith Associated Data (AEAD), and defines a uniform interface and a registry for s uch algorithms. The interface and registry can be used as an application-indepe ndent set of cryptoalgorithm suites. This approach provides advantages in effic iency and security, and promotes the reuse of crypto implementations. [STANDARD S-TRACK]</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <seriesInfo name="RFC" value="5116"/> | <seriesInfo name="RFC" value="5116"/> | |||
| <seriesInfo name="DOI" value="10.17487/RFC5116"/> | <seriesInfo name="DOI" value="10.17487/RFC5116"/> | |||
| </reference> | </reference> | |||
| </references> | </references> | |||
| </references> | </references> | |||
| <section anchor="bad-assumptions" numbered="true" toc="default"> | <section anchor="bad-assumptions" numbered="true" toc="default"> | |||
| <name>Incorrect Assumptions</name> | <name>Incorrect Assumptions</name> | |||
| <t>There are several traits of QUIC version 1 <xref target="QUIC-TRANSPORT " format="default"/> that are not | <t>There are several traits of QUIC version 1 <xref target="QUIC-TRANSPORT " format="default"/> that are not | |||
| protected from observation, but are nonetheless considered to be changeable when | protected from observation but are nonetheless considered to be changeable when | |||
| a new version is deployed.</t> | a new version is deployed.</t> | |||
| <t>This section lists a sampling of incorrect assumptions that might be ma de about | <t>This section lists a sampling of incorrect assumptions that might be ma de about | |||
| QUIC based on knowledge of QUIC version 1. Some of these statements are not | QUIC based on knowledge of QUIC version 1. Some of these statements are not | |||
| even true for QUIC version 1. This is not an exhaustive list; it is intended to | even true for QUIC version 1. This is not an exhaustive list; it is intended to | |||
| be illustrative only.</t> | be illustrative only.</t> | |||
| <t><strong>Any and all of the following statements can be false for a give | <t> | |||
| n QUIC | <strong>Any and all of the following statements can be false for a given | |||
| version:</strong></t> | QUIC | |||
| version:</strong> | ||||
| </t> | ||||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>QUIC uses TLS <xref target="QUIC-TLS" format="default"/> and some TL | <li>QUIC uses TLS <xref target="QUIC-TLS" format="default"/>, and some T | |||
| S messages are visible on the wire</li> | LS messages are visible on the wire.</li> | |||
| <li>QUIC long headers are only exchanged during connection establishment | <li>QUIC long headers are only exchanged during connection establishment | |||
| </li> | .</li> | |||
| <li>Every flow on a given 5-tuple will include a connection establishmen | <li>Every flow on a given 5-tuple will include a connection establishmen | |||
| t phase</li> | t phase.</li> | |||
| <li>The first packets exchanged on a flow use the long header</li> | <li>The first packets exchanged on a flow use the long header.</li> | |||
| <li>The last packet before a long period of quiescence might be assumed | <li>The last packet before a long period of quiescence might be assumed | |||
| to contain only an acknowledgment</li> | to contain only an acknowledgment.</li> | |||
| <li>QUIC uses an AEAD (AEAD_AES_128_GCM <xref target="RFC5116" format="d | <li>QUIC uses an Authenticated Encryption with Associated Data (AEAD) fu | |||
| efault"/>) to protect the packets it | nction | |||
| exchanges during connection establishment</li> | (AEAD_AES_128_GCM; see <xref target="RFC5116" format="default"/>) to protect the | |||
| <li>QUIC packet numbers are encrypted and appear as the first encrypted | packets it exchanges | |||
| bytes</li> | during connection establishment.</li> | |||
| <li>QUIC packet numbers increase by one for every packet sent</li> | <li>QUIC packet numbers are encrypted and appear as the first encrypted | |||
| <li>QUIC has a minimum size for the first handshake packet sent by a cli | bytes.</li> | |||
| ent</li> | <li>QUIC packet numbers increase by one for every packet sent.</li> | |||
| <li>QUIC stipulates that a client speaks first</li> | <li>QUIC has a minimum size for the first handshake packet sent by a cli | |||
| <li>QUIC packets always have the second bit of the first byte (0x40) set | ent.</li> | |||
| </li> | <li>QUIC stipulates that a client speak first.</li> | |||
| <li>A QUIC Version Negotiation packet is only sent by a server</li> | <li>QUIC packets always have the second bit of the first byte (0x40) set | |||
| <li>A QUIC connection ID changes infrequently</li> | .</li> | |||
| <li>A QUIC Version Negotiation packet is only sent by a server.</li> | ||||
| <li>A QUIC connection ID changes infrequently.</li> | ||||
| <li>QUIC endpoints change the version they speak if they are sent a Vers ion | <li>QUIC endpoints change the version they speak if they are sent a Vers ion | |||
| Negotiation packet</li> | Negotiation packet.</li> | |||
| <li>The Version field in a QUIC long header is the same in both directio | <li>The Version field in a QUIC long header is the same in both directio | |||
| ns</li> | ns.</li> | |||
| <li>A QUIC packet with a particular value in the Version field means tha t the | <li>A QUIC packet with a particular value in the Version field means tha t the | |||
| corresponding version of QUIC is in use</li> | corresponding version of QUIC is in use.</li> | |||
| <li>Only one connection at a time is established between any pair of QUI C | <li>Only one connection at a time is established between any pair of QUI C | |||
| endpoints</li> | endpoints.</li> | |||
| </ul> | </ul> | |||
| </section> | </section> | |||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIALAHAWAAA81b624bR5b+X09Rq/yRApKWbGeSkRHM0JKdaCBf1rIzGASB | ||||
| UWQXyYb7wqnqlsQYzrPss+yT7XfOqaruJinJu8iPDRBb6q4+depcvnOp4/F4 | ||||
| rJq8KeypPvjFOp/X1fiiyuza4o+q0W9dvbauya3X9UL/54eLswNlZjNnr0/5 | ||||
| N31RXRuXm6rxKqvnlSlBKXNm0Yxz2yzG/27z+ThPa8YnT1RmGqx5fPz4ZHx8 | ||||
| Mj75Ts3xYFm7zan2TabytTvVjWt98/j4+K/Hj5Vx1pzq985Ufl27Rt3U7tPS | ||||
| 1e1aOFDKN6bKPpqirkB3Y71a56f616aej7THB84uPH7alPIDuCzNep1Xy9+U | ||||
| Mm2zqt2p0nqM/7XOK3+qX030+1Vd+rriZ3KmVwZSqAYvarfE8/r3vCgMP7Cl | ||||
| yYtTXTZ/L+obSA+y20wq2yiVV4valabJr+2pwlpifPz+3fT11ds3796f8tdR | ||||
| DfTuVE/1h/O34+fG20y/aosmXxf2Fj/jqPrKzltnO5Ec8Pc7cqWH3jrojraX | ||||
| TTQU1lgHpsbnpKVdZTWR6vjJU/6kkxH9Nw5/B1n9Y6IvNrZaGpeei7z+YSqz | ||||
| 84ol9lNdLwubnrmaTm2zvKnd/j229HGvTvbqZWebpIHLq6HsP0BUy06w+tJs | ||||
| rBN5581GH+KDI93UUQPiD3+m8As/fvLkYbH/+SLZu80VtmnB77Zyr6yptt/w | ||||
| Fr564rI7ZK7G47E2Mw8Dm8Ml3q9yT87YloQzmV3kFUCmWVm9HmAOPWGkSYZJ | ||||
| C+DddYF3ptHABzWvy7KuSDOmKPS1AFn6PK6fBCaqurEfX9MfTf3xnTUZ1it1 | ||||
| nvt56+lD+Y7YI/XoxnwCK+vCzK2mTSJDBERkLgxGmnyffity36jDX0mdfyfF | ||||
| TiCY3w7pbVOfDp4eHY30zSqfrzS2Mm6+AjrAwRv162+Hq6ZZ+9NHj+i78GoS | ||||
| v3tEDx55y3/9jUHnI+36I1E/wiH/GRj7iRlL2APe59DbzOpF3Va0k+7ttMyb | ||||
| VTubQJKPiM7N8ugZ4LN1c5JuZhl4cu9biII2Aw3XF9IWZXUf5UczwNqYv/OP | ||||
| CjOzhX/UCxJHUU9lnmVACvWNnlb6xS2QvLTFRk+DDelz6+cuXzdBZRINWDUk | ||||
| UD2vq8rO6e24hiPC9bLOdGa2ubEW2rypNWLdus6x80ST53jbPVH2dr4y1dIS | ||||
| HJOXm6UzpSy0fusp7dgYuB/zsDbzT5ZpMmOJpG69Hawgs7UIYjPIdQW++V3H | ||||
| fM9I/ArGnql0CHzU2O4oQ9ZJit/olzlFjWEYn8JHeJMQ8WH8F5U2GRw1Fy/C | ||||
| Dtd5RjbkGelGuuzFoOSJIyHz+fMwnn35ouCG9Y0PRgK3WUfKFUJ9kxPbJvop | ||||
| C5M0Jt/0PRZfqCD/GquB06WFQWtnsX+F0zLFG/wOyyLzECW+MtVG4zuyEmCw | ||||
| b/J5BINOePO6LTIdqEcZRuiY7AIU2dosQJRvZ9420egEh7AaYqe8KSO2HDlm | ||||
| pVmvOKxXxGdCJugRJK9tAb1IUEfOVdQbm4F90o9w6+m00S8Y6S7ejgMReEzK | ||||
| 05hdElteGrfRy9oUHYjFI+RiaZWn0CUs88N1DdQjJvFWuCCZqj6K0inB2PNN | ||||
| oka2sQXWTBI4AHgNYh0xBypxYPLSi3nhZO7aMgUzA3AiuJKtsDQ7TxnYi5Ck | ||||
| h4rUW+NbB7mu4SU7QA8ZBgTwsAxbzQMrsDFf62ULy4CqQMyoMq8gtEKbEtDF | ||||
| lPqAGTVbGoLAa0LjICmSgTgUM4KFleoDyYeqsB4uC/7yRT6HcW+Iv1U+ywmI | ||||
| 8mqonZGmQw2O0zNVgOuWoWb5YmEdCbVnsp8/z0w2NkDpkh3Of/kSMYnEUcFo | ||||
| 7O3KILdGPBEYx1a+Zqea187R5r3PFR+/zJerhsCdhTDjlBSi+VTVN4XNyDWD | ||||
| GwRO9MmzYLtZTbFWI93G4aE3GDysMy6LdsU4dVZX1yRSdg64wzklBLlwwbb9 | ||||
| yW4o4mZeH7z6cPX+YCR/69dv+Od3L0Dr3Ytz+vnq5+nlZfpBhRVXP7/5cHne | ||||
| /dR9efbm1asXr8/lYzzVg0fq4NX0Xwcj5urgzdv3F29eTy8PdhTILg27mFmG | ||||
| AQcbJz3D8SN0sNKfn7397/86eQrM/I93L88en5z8FTqSX344+f4pfrlZ2Up2 | ||||
| qyuITX6FPDcKckTQJyqU5czNOm9gz1hLkaG+qTQM0ZI49+dWfZAkBS7aJiax | ||||
| yYhGGjqqaFO8qWLNogrYXmugatAljSKEZTsQiYfwTutK0SDWsQ8ZgtpOuQtX | ||||
| l3sihljB6+6bnkGIAYhTktXEuEmbJ9m2PkJS3DgcvPM1LwF1InynZXnAdKS2 | ||||
| JEq2eTogfbeX0bO6pEioF7ktMsFyyosFx0EKoq0pluHJDD6dHC2sB/46SpPC | ||||
| a7U2uaPXOB0SPRxihrhlgSEvDMI+f5SOwKT4KGtgWCMkKPs15P+o3HPE7Rbi | ||||
| C3vBrYsWXlugEGtWfWgbIaNtaUEGcAp+N6tbJHaUMahrU7QATQnchgAavzjY | ||||
| 0No24pao/Ha2o9SmYV3R+XEWtd8KkNMgKWQzFs6IEQ1k9CiPb/Xh9OhUnTJ9 | ||||
| ag4EndzSwae8SqPYX8rKyeT5/sUhIyVYDadn05uSkz5/hr/DgrrMm0ZidhAG | ||||
| FadGc2BoS9LM79bVsi9p+Pk9X8KqNGUGLVzVQVtY8QzUWJo+aTGYsiluzMZT | ||||
| vCN3JJobSufINhDF+XiXR/pHfbbvfFGE8XCdJ8AiLkd6ZQjyWZmyPR3kLBKd | ||||
| TCZ3SZhUzJbFp4bOy5qQDZmX14di4VhqyTYRVhqD4IrPcMjAyOXRXmBA1UsF | ||||
| k5wROA7xHIboOoJslyQGpDlHQVaIoC/Zpqj/I8VXRsmU48yDNUmGtkJsGgs1 | ||||
| 1g/OyJzRLhwQF/kSMW8sEge6ElCSGrW9NeTFoOnaOQEhLO+PP/5QL8Lzq/hc | ||||
| f8bZ3lR2jA2EJ314cjTCw+97j1gZkmz/wtI+/J5U95cTWjh1WOig0/GlyCiQ | ||||
| mUyYzi+U4CGt2Hr7w2Ty+CkveBdVEt+wAkfqC3P8+VR/MzimtDN+PIhHeclP | ||||
| D74wxDLcvxUEDdVSl3Dtr3ZCZheKm7qyySoGhY5oPYDsVsKcsth9abnp06Hc | ||||
| TW2lCCFXh0vBn1IpMiyiKCpqigHFkHsYV9uoIQ/9DgPF2MirYFfugLFCVqhG | ||||
| UpMgr9SsQO3YbNZSVIUPVtxOOGWAYrSAwTk6VBC5GArDlyyV+JFTFo88UdyX | ||||
| 2ChrcOHzZcXZI5gmWwt5rrAoaGGlSgPMrPs7GNk48AM0uA45P5GZF5YKyXie | ||||
| +GFK9CiBWXLHi1JQKNRmoxBKYpAVujjXz4hzUJeUgipUlPp1SNvp50ie42Td | ||||
| 7KP+DCeAo32+rjjATj3k0Tl5QM8O4Sg7GUnGbzZFbbJkKF1qEG1oHDNwSalg | ||||
| bdEZA2Bx5vGNviSF/cynUop/ifqh/k+Iaq7Ug2xO8IW0yXyTN/boBJ0zgIQn | ||||
| 5IoEH4AGRobYc7+KTD4nFAN29F7qwyeP+fdzC5epRKhnqT+gL851AA4Aw/3r | ||||
| Do+BKcdPj3nZFXd37qW0d8mAyM4BzuEsAdmG8MQeEZCJddWTFGHTtK/BFNw6 | ||||
| RXBEi5h/hzdQ6EU0PpkorqG5MuO4kIdSjleRIUaEidYRKujK3lJrq3W8ssuf | ||||
| jH7ymNE+6oQTnkk6f6zoO9tA7Al7sGkk4sxBKsqI/5SbhT3Dse7UopKUkM8j | ||||
| iRb4bGIXJVKjvIIad1SCULz7gdlvK4IUZhBOCAdmxu42GNkq7nIvW8F0AnfS | ||||
| Lkzl6jE/ePzdd0mu0fv0kMpeQfY6eXn2fxTnXlNmXtWfI0luCaq7txlI8T7f | ||||
| 6wtQPSxAEYa0m8hNYi9E/CiJZgcO6Y20jgj+rjhaRPy76sWOrwBADjURAeHy | ||||
| fWL3g+DxgyB4D5jF9OkhCOqBkATFPgr1eb0ThrZi6dfi0PHka+gFjKF0/W6f | ||||
| z0sUmNQHKzZddbW1rZjgkHhWWx+iriAZNZb2mR2y8H1GyVXfAPRC8zu6R71Q | ||||
| 98NCaBlEH8q7hGCPMFTADe4hAlYRqLmE56Qo77XTpJC/1/RJTztW77G4osQz | ||||
| 2P1QytDWfJt5eHy9Nv9ubXDM/SlEv/26aKt5vJQwuwS3mrCxr5lzC95ZT0ms | ||||
| wgvqILiuFV7QXSTcAsntSF+8lRbRzGLVUWy0zQ0V4FG81FCV1Fr1eJAWVWaL | ||||
| HLKR4pVkduMo0g7KgaDn+dAOvfRGoJCubAh9D2l8sZ261BD2KIXZ51a23Dq6 | ||||
| 4lKt7x6hsN7hLvYmU8FJkq36nE4lx49PRuGzLdEz61SuS7q96S7zekshNyVX | ||||
| Lj1j6nX3g7Z3iM/p/qViydC5IiuhM7VjiaVtVjW8Sb3t6Ss1oraZktyc1Nt1 | ||||
| focchLpZzDp4rHA6cN9+Q/jpmNEqFR8uhj5pGARtBH2rQV8+SdAMrpJIE1v7 | ||||
| BS+PPQh1fHsc/pNuA98EZHz6mJRVXfUwqAzC1QindXJc6Q7UFMhybrHjcZ4l | ||||
| f0xl3iBobfVtQ3d65+pYLj2manjdnAAVcuR4GEz06zZDRKdvw33KS+nAxrex | ||||
| AkvlaLySM8XOPUvqqZuEiYNOLuM2HUo7uT4b9ujD7eC+cu3zN5B1ilvJinlX | ||||
| OKGFZ5Lt3J2nExqkyz3kU8rmrLEkOep9Op7aISbT44gUIgRvmcweDlVXm8d7 | ||||
| wO362mwHQd6gcflyaZOZqZ6ZcaC+u3ilgP5Q0B8FGKSmaqOCdQR+YvIk/et7 | ||||
| hed7bWukvvRuLO/EAe7jkkAq+HK4dYRQuRvGYX/gl/1r5ZCtJMcMpey+nR4u | ||||
| aT9UDBh7atiY7/1/rGOvxPiofdfneKvNFkG8ZzlbPbe7ZUbJ5RvqNv0vujts | ||||
| LHcrXHGTt9okk2FQDHFb0iIKPd9zDTzSPGqBVaKhUcT3oH7Qka4/Xzmx/+Wh | ||||
| h8UXbdQXWla1k9s/RoI1VQ/TRWPdAyWWhON7LLcLSireluxqRNLPUeg9hwDE | ||||
| PCa0YZTqJwIqnqMXywPQ+IfcKTFV1RJ0VEqAp13yIdIR0XSu3W+ZMoGd46h4 | ||||
| HE7TGoekkXu8Owsh4/vaagHcWt/v24EmIZAIia9vYrONCV7tCxkx/MRKIcU9 | ||||
| GI2EJ4k8VHwMLulVZokyjDpLublw4Fwrkx+5zE2FoQmfjtgLR7si7SqWkD2k | ||||
| juA9VXa8Ow+I2ItZgYcHmh3Be8KGOIXstVUzRY+Y12vq2SbG7iYenDtwkwUG | ||||
| eyjM192cwyBiZ3WJHzwkP2/iNeK8oCEm8PcCmSbfE8Io1XzYPVnyUWWpl6t9 | ||||
| utB3nDUn7+CcyyVmes6h0g3PAx57YyRqL21l000kAMU0DS1wcXRCtVUcmahn | ||||
| MvWRLgwGOt9OMO7ZW+w0XFWweQSXilMtGcw741kR9gtSI4/s0CxIk/ZP9Y1k | ||||
| WV4Sk6CR3jhHKtEGUw43OfJFmcCJY4Hb1xaBHQV9oTSgA19xMrt9pxxKNblo | ||||
| Q+JSt8t4oZem21ZwOrMlLhWRbGv+IilFSjMqpNvyAaFKQphGXem7ty6/NvMN | ||||
| GTI15J0Jt/EXW2NDMiRCs3qz+pasj29roraphG/CPU9KVTtJyRUE54w0eBLI | ||||
| cQgKif5WSq7tLQ/RIHyWNBwZN4ilk2ItFhu5F5FqX1qR9MTe0vCRt8HPnXSD | ||||
| +xVESQGV0yYh/ExJBbIzWjOhvAIM28WCc01De4BtHpOhSlfSXku3wJXhW08F | ||||
| ofDkMDumSEi8Q84QZweTJvn2SlhKE2ES2CfqDZPfh+AlNey6OhGWhPDEThF6 | ||||
| 1XQvVUdBqm6lsBHKpwEnVVvO+jn8cBalf/cSIa20ppKQoRxkgGOiML7lyU1S | ||||
| RH/KiuHT6AUFljRftFMwC3MqjLH4Xbtztgkjd434vMwbDctkmqShmnIyrI33 | ||||
| oMy9ZRwJQaV4O+7dZFEiR2ke2QMiovVNL/Rqs6SEgDsZVM7V1C9QETP3ZhY0 | ||||
| CE7GyeMFAt7BqEMHd5Alqn1lwYKYwiYWtkso0Cl8oGOeGIBk2yKgwcX09XTH | ||||
| +4d3+yUPR1c1TxdZydzoszjDOwMLTCrNl007H0Ktue1VrJXglZ70h9q3Q5At | ||||
| mNuDpHEknPWTtCIWFvxNpl/Ir2RdZSFVHtabh6NKk2gWZw7ZQwmRUGz3pjhl | ||||
| /ihMbarh7TclsSRNTzfwZO48V7hnxC5acX/EjudwBBe/Ztou4lACCHYAydii | ||||
| JHiqCzmm7cYs+98z76HtyrMRgyHBZ2FQtDfeqqgaKIqWGrS8jkweQvj222kl | ||||
| wcOkIdZev7rHWRwYN0UI0IZzFwHAeHl7+u23oCn88hTJ+8urpPXLK+hboAyn | ||||
| pzeIcd5QoOYbvlzCU4jNN8CMRKvo3+/SYvbYOP2Q6QxBECt6yJEGtIl7ovOC | ||||
| sYUhi1wnMP/duGlpNIGTg+7y8C5Ceg2UYLbeb00e+B43TJ93ivNVPf7jx4Xp | ||||
| phZmdiHFCK9bW5fXnBgDOIFpNA7bWZxEXfpHGzD5bsajkGRuHu0uHrtTBV5P | ||||
| X0xRRtOfH6cvrj6ePP7h409nr6Cgv717efbdyclfvnw5CuPkXCB0aSb3SHQ6 | ||||
| o/8aifcbxRKORHc4j9usmzB/FwJTuKMRkXYr+PLsLmLQl7PQB2WyNOXShZDU | ||||
| BepxIgNWcUrM57/b1MGVXXGyzK8oFPc+76fyiRRcbd0W3RxWXED5kvnkhd4W | ||||
| 1z6Oj4XRDoJLSmXv6CQcHt8+PT6iAozoTAdN2ztaSWwEHc9SM/S+HsbV7hpj | ||||
| 4STPLjaJ5a5a3E3aQ0Smk1Kk4t8E/ak5m+Ka3tf/CLY/bDjzzM62mw+mPOlu | ||||
| uKaZudzJAXzvWMPe3JomzuYt5ZlSEoYqcrhll+tw8anlwoJ6k1mv95+gm7GU | ||||
| vIi25Z4QmVtPnmwD8o8dfOcIZL/hOpgSwjg3yoCpe/9m5X8Al9rOOtU5AAA= | ||||
| </rfc> | </rfc> | |||
| End of changes. 46 change blocks. | ||||
| 238 lines changed or deleted | 114 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||