<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>On 11/23/2020 12:00 AM, jrzx via cryptography wrote:<br>
</p>
<blockquote type="cite"
cite="mid:jGPeKYkiyCjPlQFIRNDovyNif4qBopSF3oZKqVJ_PjRxoBR8Us7DRjVXOH-5eqhoEI5s8tqbUNDQIZUpFcAMcZcONjRYObvGBPmffxvjkjw=@protonmail.ch">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">While QUIC started as a Google project, it is being standardized in the
IETF. There are several independent implementations of QUIC, by Apple,
Microsoft, Mozilla, Cloudflare and many others, including mine. They are
not "married to the Google code base".
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Does your implementation use OpenSSL, or Google's fork of OpenSSL?</pre>
</blockquote>
<p>It uses PicoTLS, a from-the-ground-up implementation of TLS 1.3
by Kazuho Ohu -- <a class="moz-txt-link-freetext" href="https://github.com/h2o/picotls">https://github.com/h2o/picotls</a>. Picotls allows
for a variety of implementation of the crypto algorithms,
including libcrypto from OpenSSL, a "fusion" implementation of
AES-GCM developed by Kazuho, and a "mini crypto" implementation
using <a href="https://github.com/ctz/cifra">cifra</a> for most
crypto and <a href="https://github.com/kmackay/micro-ecc">micro-ecc</a>
for secp256r1.</p>
<p>As noted by Rich Saltz, different implementations use different
implementations of TLS and different crypto libraries. Some use a
forked branch of OpenSSL in which the API required by QUIC were
added. The Microsoft implementation uses S-Channel or MiTLS from
MSR. The Google implementation and some others use BoringSSL.
Mozilla use their own library. Some implementations use rusttls. A
few implementations allow developers to choose between OpenSSL,
LibreSSL, etc.<br>
</p>
<blockquote type="cite"
cite="mid:jGPeKYkiyCjPlQFIRNDovyNif4qBopSF3oZKqVJ_PjRxoBR8Us7DRjVXOH-5eqhoEI5s8tqbUNDQIZUpFcAMcZcONjRYObvGBPmffxvjkjw=@protonmail.ch">
<pre class="moz-quote-pre" wrap="">
Where is your implementation?</pre>
</blockquote>
<p><a class="moz-txt-link-freetext" href="https://github.com/private-octopus/picoquic/">https://github.com/private-octopus/picoquic/</a></p>
<p>The list of implementations is at
<a class="moz-txt-link-freetext" href="https://github.com/quicwg/base-drafts/wiki/Implementations">https://github.com/quicwg/base-drafts/wiki/Implementations</a>.</p>
<p>The results of the automated interop testing set by Marten Seeman
are at <a class="moz-txt-link-freetext" href="https://interop.seemann.io/">https://interop.seemann.io/</a>. The results from manual
interop testing conducted periodically are at
<a class="moz-txt-link-freetext" href="https://docs.google.com/spreadsheets/d/1D0tW89vOoaScs3IY9RGC0UesWGAwE6xyLk0l4JtvTVg/edit#gid=1991873121">https://docs.google.com/spreadsheets/d/1D0tW89vOoaScs3IY9RGC0UesWGAwE6xyLk0l4JtvTVg/edit#gid=1991873121</a>.
That spreadsheet includes tabs for the interop that have been
going on since 2017. Interop testing was one of the basic tools of
protocol development.<br>
</p>
<p>-- Christian Huitema
</p>
<blockquote type="cite"
cite="mid:jGPeKYkiyCjPlQFIRNDovyNif4qBopSF3oZKqVJ_PjRxoBR8Us7DRjVXOH-5eqhoEI5s8tqbUNDQIZUpFcAMcZcONjRYObvGBPmffxvjkjw=@protonmail.ch"></blockquote>
</body>
</html>