From c4cf122cf0f372ae3c7fe7abaa97d0e86c1e94e9 Mon Sep 17 00:00:00 2001 From: moparisthebest Date: Mon, 13 Jun 2022 19:58:53 -0400 Subject: [PATCH] ProtoXEP: XMPP over QUIC --- inbox/xmpp-over-quic.xml | 70 ++++++++++++++++++++++++++++++++++++++++ xep.ent | 2 ++ 2 files changed, 72 insertions(+) create mode 100644 inbox/xmpp-over-quic.xml diff --git a/inbox/xmpp-over-quic.xml b/inbox/xmpp-over-quic.xml new file mode 100644 index 00000000..82a7477e --- /dev/null +++ b/inbox/xmpp-over-quic.xml @@ -0,0 +1,70 @@ + + +%ents; +]> + + +
+ XMPP over QUIC + This specification defines a procedure to make both c2s and s2s XMPP connections over the QUIC protocol instead of TCP+TLS. + &LEGALNOTICE; + xxxx + ProtoXEP + Standards Track + Standards + Council + + XMPP Core + XEP-0156 + XEP-0368 + + + + NOT_YET_ASSIGNED + + Travis + Burtrum + travis@burtrum.org + travis@burtrum.org + + + 0.0.1 + 2022-06-13 + tjb +

First draft.

+
+
+ +

&xmppcore; specifies the use of STARTTLS to connect to an XMPP server. &xep0368; extends that to skip STARTTLS by doing Direct TLS. This XEP defines how to negotiate a XMPP connection over QUIC (&rfc9000;), which provides identical security and authentication to TCP+TLS, along with a number of other desirable properties, such as connection migration across IP changes, and multiple independent bidirectional streams in one session, among others.

+
+ +

QUIC session negotiation is virtually identical to TLS. This document specifies that the following additional rules apply:

+
    +
  1. While other forms of discovery like &xep0156; can discover QUIC connections, we also define UDP port 443 as the default port to attempt a XMPP-over-QUIC connection on if those are not available, yes this is the reserved port for HTTPS, no we don't care because SNI and ALPN are required so there will be no mishaps.
  2. +
  3. TLS certificates MUST be validated the same way as for STARTTLS. (i.e., as specified in &xmppcore;).
  4. +
  5. STARTTLS MUST NOT be used over QUIC connections.
  6. +
  7. Client or server MUST set SNI TLS extension to the JID's domain part, and MUST use &tls-ech; if available.
  8. +
  9. Client or server MUST set the ALPN (&rfc7301;) TLS extension, and MUST use &tls-ech; if available.
  10. +
  11. The ALPN protocol MUST be 'xmpp-client' when negotiating an c2s connection.
  12. +
  13. The ALPN protocol MUST be 'xmpp-server' when negotiating an s2s connection.
  14. +
  15. The client or server MUST use QUIC Connection Migration which allows for a single QUIC session and therefore multiple XMPP connections to migrate between IPs without reconnecting. Use of &xep0198; is therefore optional but encouraged if reconnection might occur over another transport like TLS or WebSocket.
  16. +
  17. QUIC supports uni-directional and bi-directional streams, but XMPP MUST only use bi-directional streams. Multiple bi-directional MAY be opened in one session and MUST be treated as a seperate connections with the same security and authentication as negotiated in the initial TLS handshake. This means clients can log into multiple accounts, or the same account multiple times over one QUIC session, or servers can open multiple s2s connections over one QUIC session where one of the servers can prove control over multiple domains, for example if the certificate covered multiple domain names.
  18. +
+
+ +

Perhaps the most compelling benefit of QUIC over TCP+TLS is connection migration especially for mobile devices which swap between mobile and WiFi often. Multiple connections per QUIC session is also helpful for clients with multiple accounts or servers with multiple streams to each other. The handshake and especially 0-rtt mode will be faster than STARTTLS, and in theory, QUIC in general should be faster than TLS, though perhaps not enough to matter for XMPP.

+
+ +

QUIC provides AT LEAST the same level of security as STARTTLS and Direct TLS, and far more privacy with &tls-ech; (which can and should be used with Direct TLS, but this isn't a MUST). QUIC provides more security than STARTTLS if &rfc7590; is not followed, as it isn't subject to STARTTLS stripping. All security setup and certificate validation code SHOULD be shared between the QUIC, STARTTLS and Direct TLS logic as well.

+
+ +

ALPN (&rfc7301;) requires registration of new Protocol IDs. This document re-uses the two Protocol IDs specified in &xep0368;, but the ALPN registry (currently located here) should be updated to additionally point to this document.

+ +

IANA requires registration of port numbers too (currently located here) but UDP 443 is already assigned to HTTPS, which also requires ALPN, so I think no registration is required.

+ +
+ +

This document requires no interaction with the ®ISTRAR;.

+
+
diff --git a/xep.ent b/xep.ent index 97b6a0a6..82b7019b 100644 --- a/xep.ent +++ b/xep.ent @@ -705,6 +705,7 @@ THE SOFTWARE. RFC 8467 RFC 8467: Padding Policies for Extension Mechanisms for DNS (EDNS(0)) <http://tools.ietf.org/html/rfc8467>." > RFC 8484 RFC 8484: DNS Queries over HTTPS (DoH) <http://tools.ietf.org/html/rfc8484>." > RFC 8285 RFC 8285: A General Mechanism for RTP Header Extensions <http://tools.ietf.org/html/rfc8285>." > +RFC 9000 RFC 9000: QUIC: A UDP-Based Multiplexed and Secure Transport <http://tools.ietf.org/html/rfc9000>." > @@ -745,6 +746,7 @@ THE SOFTWARE. XMPP Over WebSocket An XMPP Sub-protocol for WebSocket <https://datatracker.ietf.org/doc/draft-ietf-xmpp-websocket/>. Work in progress." > Multiplexing Negotiation Using Session Description Protocol (SDP) Port Numbers Multiplexing Negotiation Using Session Description Protocol (SDP) Port Numbers <http://tools.ietf.org/html/draft-ietf-mmusic-sdp-bundle-negotiation/>. Work in progress." > Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol <http://tools.ietf.org/html/draft-ietf-ice-trickle/>." > +TLS Encrypted Client Hello TLS Encrypted Client Hello <http://tools.ietf.org/html/draft-ietf-tls-esni/>." >