Member: Kazu YAMAMOTO
Category: Underpinning
- Background: It is desired to verify the correctness of the new network protocols which the IETF is actively standardizing.
- Purpose: Contribute to protocol standardization by implementing the latest protocols and verifying interoperability.
Summary
We implement various network protocols with the Haskell programming language and verify their interoperability.
Results
- Position paper: Network Protocol Programming in Haskell, ACM SIGCOMM 2017 The Third Workshop on Networking and Programming Languages (NetPL 2017)
- Software: network, warp, tls, http2, http2-tls, quic, http3
- A Leisurely Explanation of QUIC, IIJ Engineers Blog, 2021-2022.
- Implementing QUIC in Haskell, Internet Infrastructure Review (IIR) Vol.52, 2021.
- Standardization and Implementation of TLS 1.3, IIJ Engineers Blog, 2018.
- TLS Trends, Internet Infrastructure Review (IIR) Vol.31, 2016.
- Exploring HTTP/2 Header Compression, Kazuhiko Yamamoto, Tatsuhiro Tsujikawa and Kazuho Oku. In Proceedings of CFI 2017, the 12th International Conference on Future Internet Technologies.
- Experience Report: Developing High Performance HTTP/2 Server in Haskell, Kazuhiko Yamamoto. In Proceedings of Haskell Symposium 2016.
- Mio: A High-Performance Multicore IO Manager for GHC, Andreas Voellmy, Junchang Wang, Paul Hudak and Kazuhiko Yamamoto. In Proceedings of Haskell Symposium 2013.
Progress
Progress in 2024FY4Q
- Regression testing for the tls library was implemented using tlsfuzzer
- Record size limit extension and certificate compression extension were implemented in the tls library
- ECH (Encrypted ClientHello) was implemented in the tls library, and the specifications were verified by testing interoperability with other implementations
- Stateless reset was reimplemented in the quic library, and multiple TLS tickets were made compatible
- Blog articles
Progress in 2024FY3Q
- Synchronized threading model: Reduced use of asynchronous exceptions in the network and http2 libraries, and made the code clearer by using synchronization
- Thread Monitor: Implemented a thread monitor in the HTTP server and removed thread leaks in dependent libraries that were caused by asynchronous exceptions
- tls library: Improved corner cases with tlsfuzzer tests and automated tests to enable regression testing
- Blog article: Myth and truth in Haskell asynchronous exceptions
Progress in 2024FY2Q
- New server architecture for http2: Solved the problem of using a lot of lightweight threads when streaming and simplified the code. Also wrote a blog post about it.
- New server architecture for quic: Changed from connected sockets to wildcard sockets, making it possible to communicate even with NATs that frequently change ports. Also wrote a blog post about it.
Progress in 2024FY1Q
- Stabilization of network libraries: Unified the functions of the debugging tools implemented in the tls/http2/http2-tls/quic/http3 libraries to enable comprehensive testing. Several bugs newly discovered during this test and bugs discovered during application to DNS were removed
- Support for multiple TLS tickets: Stabilized session resumption by supporting TLS servers that send multiple tickets. 0-RTT bugs discovered during this work have been fixed
Progress in 2023FY4Q
- 0-RTT in the tls library: Made the handshake implementation asynchronous, allowing the client side to dynamically determine the 0-RTT data to send. Verified the practicality of using 0-RTT with DNS over TLS
- Stabilization of quic library: Addressed New Connection ID flood attack. Verified the practicality of using 0-RTT with DNS over QUIC
Progress in 2023FY3Q
- tls library: Thoroughly refactored, removed TLS 1.0/1.1, removed CBC cipher suites, refined tests, implemented channel bindings
- tls-session-manager library: Implemented session ticket method
- network-control library: Extracted the common parts of flow control and released it as a library.
- quic library: Revamped flow control mechanism. Addressed Path Challenge flood attack.
- http2 library: Addressed HTTP/2 rapid reset attack. A mechanism has been incorporated to efficiently handle DNS pipelines. New flow control mechanism
Progress in 2023FY2Q
- Stabilized quic library
- Released http2-tls library which combines http2 library and tls library for easy usage.
Progress in 2023FY1Q
- Stabilized http2 library
- Since the cryptographic library (cryptonite) is no longer maintained, the fork was named crypton and each library was migrated to crypton.