RFC 9000 - QUIC: A UDP-Based Multiplexed and Secure Transport
Publication Date: May 2021
Status: Standards Track
Authors: J. Iyengar (Ed.) - Fastly, M. Thomson (Ed.) - Mozilla
Abstract
This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9000.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Contents
- 1. Overview
- 1.1 Document Structure
- 1.2 Terms and Definitions
- 1.3 Notational Conventions
- 2. Streams
- 2.1 Stream Types and Identifiers
- 2.2 Sending and Receiving Data
- 2.3 Stream Prioritization
- 2.4 Operations on Streams
- 3. Stream States
- 3.1 Sending Stream States
- 3.2 Receiving Stream States
- 3.3 Permitted Frame Types
- 3.4 Bidirectional Stream States
- 3.5 Solicited State Transitions
- 4. Flow Control
- 4.1 Data Flow Control
- 4.2 Increasing Flow Control Limits
- 4.3 Flow Control Performance
- 4.4 Handling Stream Cancellation
- 4.5 Stream Final Size
- 4.6 Controlling Concurrency
- 5. Connections
- 5.1 Connection ID
- 5.2 Matching Packets to Connections
- 5.3 Operations on Connections
- 6. Version Negotiation
- 6.1 Sending Version Negotiation Packets
- 6.2 Handling Version Negotiation Packets
- 6.3 Using Reserved Versions
- 7. Cryptographic and Transport Handshake
- 7.1 Example Handshake Flows
- 7.2 Negotiating Connection IDs
- 7.3 Authenticating Connection IDs
- 7.4 Transport Parameters
- 7.5 Cryptographic Message Buffering
- 8. Address Validation
- 8.1 Address Validation during Connection Establishment
- 8.2 Path Validation
- 9. Connection Migration
- 9.1 Probing a New Path
- 9.2 Initiating Connection Migration
- 9.3 Responding to Connection Migration
- 9.4 Loss Detection and Congestion Control
- 9.5 Privacy Implications of Connection Migration
- 9.6 Server's Preferred Address
- 9.7 Use of IPv6 Flow Label and Migration
- 10. Connection Termination
- 10.1 Idle Timeout
- 10.2 Immediate Close
- 10.3 Stateless Reset
- 11. Error Handling
- 11.1 Connection Errors
- 11.2 Stream Errors
- 12. Packets and Frames
- 12.1 Protected Packets
- 12.2 Coalescing Packets
- 12.3 Packet Numbers
- 12.4 Frames and Frame Types
- 12.5 Frames and Number Spaces
- 13. Packetization and Reliability
- 13.1 Packet Processing
- 13.2 Generating Acknowledgments
- 13.3 Retransmission of Information
- 13.4 Explicit Congestion Notification
- 14. Datagram Size
- 14.1 Initial Datagram Size
- 14.2 Path Maximum Transmission Unit
- 14.3 Datagram Packetization Layer PMTU Discovery
- 14.4 Sending QUIC PMTU Probes
- 15. Versions
- 16. Variable-Length Integer Encoding
- 17. Packet Formats
- 17.1 Packet Number Encoding and Decoding
- 17.2 Long Header Packets
- 17.3 Short Header Packets
- 17.4 Latency Spin Bit
- 18. Transport Parameter Encoding
- 18.1 Reserved Transport Parameters
- 18.2 Transport Parameter Definitions
- 19. Frame Types and Formats
- 19.1 PADDING Frames
- 19.2 PING Frames
- 19.3 ACK Frames
- 19.4 RESET_STREAM Frames
- 19.5 STOP_SENDING Frames
- 19.6 CRYPTO Frames
- 19.7 NEW_TOKEN Frames
- 19.8 STREAM Frames
- 19.9 MAX_DATA Frames
- 19.10 MAX_STREAM_DATA Frames
- 19.11 MAX_STREAMS Frames
- 19.12 DATA_BLOCKED Frames
- 19.13 STREAM_DATA_BLOCKED Frames
- 19.14 STREAMS_BLOCKED Frames
- 19.15 NEW_CONNECTION_ID Frames
- 19.16 RETIRE_CONNECTION_ID Frames
- 19.17 PATH_CHALLENGE Frames
- 19.18 PATH_RESPONSE Frames
- 19.19 CONNECTION_CLOSE Frames
- 19.20 HANDSHAKE_DONE Frames
- 19.21 Extension Frames
- 20. Error Codes
- 20.1 Transport Error Codes
- 20.2 Application Protocol Error Codes
- 21. Security Considerations
- 21.1 Overview of Security Properties
- 21.2 Handshake Denial of Service
- 21.3 Amplification Attack
- 21.4 Optimistic ACK Attack
- 21.5 Request Forgery Attacks
- 21.6 Slowloris Attacks
- 21.7 Stream Fragmentation and Reassembly Attacks
- 21.8 Stream Commitment Attack
- 21.9 Peer Denial of Service
- 21.10 Explicit Congestion Notification Attacks
- 21.11 Stateless Reset Oracle
- 21.12 Version Downgrade
- 21.13 Targeted Attacks by Routing
- 21.14 Traffic Analysis
- 22. IANA Considerations
- 22.1 Registration Policies for QUIC Registries
- 22.2 QUIC Versions Registry
- 22.3 QUIC Transport Parameters Registry
- 22.4 QUIC Frame Types Registry
- 22.5 QUIC Transport Error Codes Registry
- 23. References
- 23.1 Normative References
- 23.2 Informative References
Appendix
- Appendix A. Pseudocode
- A.1 Sample Variable-Length Integer Decoding
- A.2 Sample Packet Number Encoding Algorithm
- A.3 Sample Packet Number Decoding Algorithm
- A.4 Sample ECN Validation Algorithm
Related Resources
- Official Text: RFC 9000
- Official Page: RFC 9000 DataTracker
- Errata: RFC Editor Errata