[openssl-project] QUIC, again
Benjamin Kaduk
kaduk at mit.edu
Mon Nov 12 16:52:03 UTC 2018
Between last time we discussed it and now, waiting seems to have been
prudent, as the TLS/QUIC interaction got significantly revamped.
The current QUIC drafts have TLS exporting key material and plaintext
handshake messages, with QUIC record protection used on the wire and not
TLS record protection. There is a huge amount of interest in QUIC at the
IETF, and we will need to support it eventually. But that may be best as
limited to exposing the needed APIs and not necessarily pulling in a full
QUIC implementation -- I haven't thought about that question very much.
I don't think I would have the team as a whole prioritize QUIC over FIPS,
though it may be worth someone taking an initial look at what would be
needed.
-Ben
On Mon, Nov 12, 2018 at 11:34:20AM +0100, Richard Levitte wrote:
> For those wanting to follow what's happening in QUIC space, this is a
> good place to start: https://datatracker.ietf.org/wg/quic/about/
>
> In message <20181112.113323.260349601387601601.levitte at openssl.org> on Mon, 12 Nov 2018 11:33:23 +0100 (CET), Richard Levitte <levitte at openssl.org> said:
>
> > QUIC was mentioned a little more than a year ago. Since then, it
> > seems that the drafts have moved forward with quite some speed:
> >
> > https://tools.ietf.org/html/draft-ietf-quic-transport-16
> > https://tools.ietf.org/html/draft-ietf-quic-tls-16
> > https://tools.ietf.org/html/draft-ietf-quic-recovery-16
> >
> > There seems to be an effort to have the next major HTTP version be
> > based on QUIC, at least if this blog is any indication:
> >
> > https://daniel.haxx.se/blog/2018/11/11/http-3/
> >
> > So the question is, should we start taking a closer look? Last time,
> > it seems like the discussions were cautiously positive, but never
> > reached a conclusion.
> >
> > Thoughts? Anyone feeling enthusiastic and want to do something?
> >
> > Cheers,
> > Richard
> >
> > --
> > Richard Levitte levitte at openssl.org
> > OpenSSL Project http://www.openssl.org/~levitte/
> >
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
More information about the openssl-project
mailing list