QUIC and OpenSSL

栏目: IT技术 · 发布时间: 4年前

QUIC is a new protocol which the IETF talks about as A UDP-Based Multiplexed and Secure Transport , and has attracted a lot of attention lately. The OpenSSL Management Committee (OMC) have followed the development with interest, and we feel that we owe it to the community to say where we stand on this, and on the inclusion of support for this protocol in our libraries.

To begin with, nothing written here is a policy decision or similar. It’s a collective view of the current consensus within the OMC.

We believe that the inclusion of QUIC support in OpenSSL is extremely important and there is an intention to provide it in a future version of OpenSSL. This may be in the form of an API to enable TLS integration into 3rd party QUIC products, or it may be in the form of a complete QUIC transport protocol implementation.

Whichever form our QUIC solution takes, our desire is to offer a complete and stable API. This requires an API and solution design, and also that the protocol itself has reached a level of stability. Judging from IETF’s datatracker at the moment of writing, QUIC is still at a point in its development where it is difficult to predict what stability to expect. Based on that, and our recent experience with the TLSv1.3 implementation, we consider there to be a high risk that the IETF process will not have reached sufficient maturity by the time that we need to freeze the OpenSSL 3.0 APIs when we release beta1 inJune of this year.

The current focus of our development efforts is onOpenSSL 3.0. There is much work to be done and there are a number of alpha and beta releases planned in the coming months. Whilst QUIC is very important, it is not on the roadmap for the 3.0 release. We do not want to distract our development resources away from that work, meaning that there is insufficient time for us to do the QUIC design to the standard that we want.

It is our expectation that once the 3.0 release is done, QUIC will become a significant focus of our effort. By this time we hope that the IETF process will have reached sufficient maturity that we can design an API that is acceptable for the long term.

We gladly accept community contributions where they align with established project goals, and existing APIs. We have been offered a shim for interfacing other QUIC libraries on top of OpenSSL’s libraries based on one particular implementation’s requirements. It is not a contribution of QUIC support in itself. Rather, it is a bridge between an external implementation that is still evolving, and the OpenSSL library.

After much consideration, we have collectively concluded that this would be an experimental / temporary solution while waiting for a future more complete solution and API, which doesn’t align with our desire to offer a stable API. We believe that there is a high risk that the requirements for that API will change over time . Given our APIstability policies this could result in us having to support an API that is no longer optimal for a very long time.

We believe it is more important to get a stable API that is correct for the long term than an unstable API that is delivered early. Projects eager to gain experience with QUIC are welcome to test the pull request in their own unstable prototype builds. This may even enable and motivate some to make contributions to the QUIC standardisation process. What we cannot presently commit to is a stable QUIC API that meshes with the project’s long-term goals.

Therefore, while we are pleased that OpenSSL has attracted an active contributor community, and remain very supportive of, and eager for more, community involvement in the project, we are deferring the decision on how QUIC will be integrated into OpenSSL.

So in conclusion; QUIC is on our minds, but it will not be included in the OpenSSL 3.0 release. We expect more tangible action to happen after we’ve released OpenSSL 3.0.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

实用程序育儿法

实用程序育儿法

(美)特蕾西·霍格、(美)梅林达·布劳 / 张雪兰 / 北京联合出版社 / 2009-1 / 39.00元

《实用程序育儿法》作者世界闻名的实战型育儿专家特蕾西·霍格(Tracy Hogg)以“宝宝耳语专家(Baby Whisperer)”享誉全球,她深入到数千名宝宝的家里解决宝宝和妈妈面临的日常难题,通过演讲、电台、电视台、信件、电子邮件以及住她的网站上发帖跟她交流、向她请教的妈妈们更是不计其数。由她亲自实景示范拍摄的“和宝宝说悄悄话(Thc Baby Whisperer)”DVD全球发行上千万张。她......一起来看看 《实用程序育儿法》 这本书的介绍吧!

CSS 压缩/解压工具
CSS 压缩/解压工具

在线压缩/解压 CSS 代码

RGB转16进制工具
RGB转16进制工具

RGB HEX 互转工具

MD5 加密
MD5 加密

MD5 加密工具