Protocol ossification
Protocol ossification is a progressive reduction in the flexibility of network protocol design, caused by middleboxes in the network that cannot easily be removed or upgraded to allow protocol changes. Examples of such middleboxes in the Internet include firewalls and carrier-grade NAT proxies, whose over-cautious checking of protocol fields has prevented the use of those fields for future protocol expansion, breaking the end-to-end principle of the Internet architecture.[1]
For example, protocol ossification initially prevented the adoption of TLS 1.3. The problem was fixed by a workaround that introduced elements into the TLS 1.3 handshake which made it appear (falsely) to middleboxes to be a TLS 1.2 handshake.[2]
Protocol ossification can be avoided by the use of encryption or tunnelling to hide the structure of new protocol extensions from older middleboxes.[3] QUIC is an example of a protocol which uses encryption to avoid middleboxes.[4]
The Internet Engineering Task Force created the Transport Services Working Group (TAPS WG) in 2015 as an attempt to address the problem.[5]
GREASE, described in RFC 8701, adds randomly generated unknown options to TLS connections to prevent middleboxes from blocking unknown values. It is an attempt to stop the TLS protocol from "rusting shut" in the future.[6]
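The following is an added example, not code from RFC 8701 or any TLS implementation: it contrasts an inspector that rejects unknown TLS extension types (the ossifying behaviour) with one that skips them, using a GREASE value drawn from the sixteen 0x?A?A code points the RFC reserves. The function names, the KNOWN table and the sample extension data are assumptions made for illustration.

```python
import random
import struct

# RFC 8701 reserves sixteen 16-bit GREASE values: 0x0A0A, 0x1A1A, ..., 0xFAFA.
GREASE_VALUES = frozenset((n << 12) | 0x0A00 | (n << 4) | 0x0A for n in range(16))

# Extension types this hypothetical inspector understands (IANA code points).
KNOWN = {0x000A: "supported_groups", 0x002B: "supported_versions"}

def build_extensions(exts):
    """Encode (type, data) pairs as a TLS extensions block."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body

def parse_extensions(block):
    """Decode an extensions block into (type, data) pairs, checking every length."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("bad extensions length")
    out, pos = [], 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, size = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + size > len(block):
            raise ValueError("truncated extension data")
        out.append((ext_type, block[pos:pos + size]))
        pos += size
    return out

def with_grease(exts, rng=random):
    """Prepend one empty extension whose type is a randomly chosen GREASE value."""
    return [(rng.choice(sorted(GREASE_VALUES)), b"")] + list(exts)

def strict_accepts(block):
    """Ossifying behaviour: refuse the handshake if any extension type is unknown."""
    return all(t in KNOWN for t, _ in parse_extensions(block))

def tolerant_inspect(block):
    """Extensible behaviour: validate framing, skip unknown types, report known ones."""
    return [KNOWN[t] for t, _ in parse_extensions(block) if t in KNOWN]

# Constructed sample input: group x25519 (0x001d) and version TLS 1.3 (0x0304).
SAMPLE = [(0x000A, b"\x00\x02\x00\x1d"), (0x002B, b"\x02\x03\x04")]

if __name__ == "__main__":
    greased = build_extensions(with_grease(SAMPLE))
    print("strict accepts plain:  ", strict_accepts(build_extensions(SAMPLE)))
    print("strict accepts greased:", strict_accepts(greased))
    print("tolerant sees:         ", tolerant_inspect(greased))
```

Running a device's parsing logic against greased input in this way shows, before deployment, whether it would fail on a future extension.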
References
- Papastergiou, Giorgos; Fairhurst, Gorry; Ros, David; Brunstrom, Anna; Grinnemo, Karl-Johan; Hurtig, Per; Khademi, Naeem; Tuxen, Michael; Welzl, Michael; Damjanovic, Dragana; Mangiante, Simone (2017). "De-Ossifying the Internet Transport Layer: A Survey and Future Perspectives". IEEE Communications Surveys & Tutorials. 19 (1): 619–639. doi:10.1109/COMST.2016.2626780. hdl:2164/8317. ISSN 1553-877X. Archived (PDF) from the original on 2017.
- "Why TLS 1.3 isn't in browsers yet". The Cloudflare Blog. 2017-12-26. Retrieved 2020-03-14.
- Corbet, Jonathan (January 29, 2018). "QUIC as a solution to protocol ossification". lwn.net. Retrieved 2020-03-14.
- "The Road to QUIC". The Cloudflare Blog. 2018-07-26. Retrieved 2020-03-14.
- Welzl, Michael; Fairhurst, Gorry; Ros, David (2015). "Ossification: a result of not even trying?" (PDF). www.iab.org.
- Benjamin, David (January 2020). "Applying GREASE to TLS Extensibility". tools.ietf.org. Retrieved 2020-06-23.