IIJ Research Laboratory

Member： Kazu YAMAMOTO

Background: It is desired to verify the correctness of the new network protocols which the IETF is actively standardizing.
Purpose: Contribute to protocol standardization by implementing the latest protocols and verifying interoperability.

Summary

We implement various network protocols with the Haskell programming language and verify their interoperability.

Position paper: Network Protocol Programming in Haskell, ACM SIGCOMM 2017 The Third Workshop on Networking and Programming Languages (NetPL 2017)
Software: network, warp, tls, http2, http2-tls, quic, http3
QUICをゆっくり解説, IIJ Engineers Blog, 2021〜2022.
HaskellによるQUICの実装, Internet Infrastructure Review（IIR）Vol.52, 2021.
TLS 1.3の標準化と実装, IIJ Engineer Blogs, 2018.
TLSの動向, Internet Infrastructure Review（IIR）Vol.31, 2016.
Exploring HTTP/2 Header Compression, Kazuhiko Yamamoto, Tatsuhiro Tsujikawa and Kazuho Oku. In Proceedings of CFI 2017, the 12th Internatinal Conference on Future Internet Technologies.
Experience Report: Developing High Performance HTTP/2 Server in Haskell, Kazuhiko Yamamoto. In Proceedings of Haskell Symposium 2016.
Mio: A High-Performance Multicore IO Manager for GHC, Andreas Voellmy, Junchang Wang, Paul Hudak and Kazuhiko Yamamoto. In Proceedings of Haskell Symposium 2013.

Regression testing for the tls library was implemented using tlsfuzzer
Record size limit extension and certificate compression extension were implemented in the tls library
ECH (Encrypted ClientHello) was implemented in the tls library, and the specifications were verified by testing interoperability with other implementations
Stateless reset was reimplemented in the quic library, and multiple TLS tickets were made compatible
Blog articles

Synchronized threading model: Reduced use of asynchronous exceptions in the network and http2 libraries, and made the code clearer by using synchronization
Thread Monitor: Implemented a thread monitor in the HTTP server and removed thread leaks in dependent libraries that were caused by asynchronous exceptions
tls library: Improved corner cases with tlsfuzzer tests and automated tests to enable regression testing
Blog article：Myth and truth in Haskell asynchronous exceptions

New server architecture for http2: Solved the problem of using a lot of lightweight threads when streaming and simplified the code. Also wrote a blog post about it.
New server architecture for quic: Changed from connected sockets to wildcard sockets, making it possible to communicate even with NATs that frequently change ports. Also wrote a blog post about it.

Stabilization of network libraries: unified the functions of the debugging tools implemented in the tls/http2/http2-tls/quic/http3 libraries to enable comprehensive testing. did. Several bugs newly discovered during this test and bugs discovered during application to DNS were removed
Support for multiple TLS tickets: stabilized session resumption by supporting for TLS servers that send multiple tickets. 0-RTT bugs discovered during this work have been fixed

0-RTT in the tls library: Made the handshake implementation asynchronous, allowing the client side to dynamically determine the 0-RTT data to send. Verified the practicality of using 0-RTT with DNS over TLS
Stabilization of quic library: Addressed New Connection ID flood attack. Verified the practicality of using 0-RTT with DNS over QUIC

tls library: Thoroughly refactored, removed TLS 1.0/1.1, removed CBC cipher suites, refined tests, implemented channel bindings
tls-session-manager library: Implemented session ticket method
network-control library: Extracted the common parts of flow control and released it as a library.
quic library: Revamped flow control mechanism. Addressed Path Challenge flood attack.
http2 library: Addressed HTTP/2 rapid reset attack. A mechanism has been incorporated to efficiently handle DNS pipelines. New flow control mechanism

Stabilized quic library
Released http2-tls library which combines http2 library and tls library for easy usage.

Stabilized http2 library
Since the cryptographic library (cryptonite) is no longer maintained, the fork was named crypton and each library was migrated to crypton.