IETF Logo Mail Archive

Re: Call for Adoption: HTTP Proxy-Status Parameter for Next-Hop Aliases

Mark Nottingham <mnot@mnot.net> Wed, 28 December 2022 01:01 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60109C14CE54 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 27 Dec 2022 17:01:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.048
X-Spam-Level:
X-Spam-Status: No, score=-5.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=mx+MhSDX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=W3YmMs4K
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zL3vjmc69hgO for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 27 Dec 2022 17:01:32 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39434C14F718 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 27 Dec 2022 17:01:31 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1pAKmr-00BxQ7-BQ for ietf-http-wg-dist@listhub.w3.org; Wed, 28 Dec 2022 00:59:17 +0000
Resent-Date: Wed, 28 Dec 2022 00:59:17 +0000
Resent-Message-Id: <E1pAKmr-00BxQ7-BQ@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mnot@mnot.net>) id 1pAKmm-00BxPE-Sf for ietf-http-wg@listhub.w3.org; Wed, 28 Dec 2022 00:59:12 +0000
Received: from out3-smtp.messagingengine.com ([66.111.4.27]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mnot@mnot.net>) id 1pAKml-00Gqr0-11 for ietf-http-wg@w3.org; Wed, 28 Dec 2022 00:59:12 +0000
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 69DE55C00D9; Tue, 27 Dec 2022 19:59:00 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 27 Dec 2022 19:59:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1672189140; x= 1672275540; bh=AHHVGiiyS8ndF3oV9JBGnA4WksVLkudFD2qn0xHdLfs=; b=m x+MhSDXp4M6vIUz8cPtjZ5Jw/EhLuRNtkrsEFxSOU8Oj5w/sbkA0T6OcVKJbympN vKA4APGC7BQ8e4DSMVJYjldEUETQuKRK9l8+MJDYH/c53YRVep3zFA+Lzx0aSdDY Rk09PlwuZd0rkPVlcMrvi1bwl4ItM6g9lJfdWtDFjDjQqG3Qz0duHZT4QfNJJZ9a QKDezFR8qrG+5imk+sC8hcXbzZBcuJuG0D26sn1CbgZWyler9eqGxITTFR+oGDLY sBtAWnVCcQmkNM2970XuM4hX62V7EhQbK/11YCN1PlrzFwSrVbbBhjuLICaOwxg9 rE3VWFvUAtWw7Qpal5LXQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1672189140; x= 1672275540; bh=AHHVGiiyS8ndF3oV9JBGnA4WksVLkudFD2qn0xHdLfs=; b=W 3YmMs4KaqKAuPUA4trdepjNxcu8kLwDlNQSoZq/2COb+wzhcShpO2QWoLRxF6bdK 5sfoedA6k+6rjfjOL9Xyzw4U3kQhCpDQLFnaJHGXGm+bO1AJlJ/RMO7spZNB7pBR IVPNU1q6iFy6mPkFW5D0/HGUVKp2anII+4mpuLIaaqEIeMD35QIGn/ysxvWmIwuY EViMlMkkmhANDz2t/BVChJoREqLm81OdRU6XMNF26W07gpgB08Oa60rAAvdXoUZG E4QXI3/R26SfLLrfaFwBj0vlh/smJ5pATgTaxDe8RZeizkWnj8xNuxB+kOMj+XwQ +fD7zQio2GUvCvixBbPDw==
X-ME-Sender: <xms:1JSrYzhkPqHN2h-f6rvpPsAZXwa-CfnekGxyKzNVaNM2fQt7Q1BKSQ> <xme:1JSrYwAYMfF4p5jzBwDFAsOIVrTMtv8mXP3sT2hkiwFeu1zqn11AEG-mcdU_sjss6 j5g4GuNewkSL-O_sg>
X-ME-Received: <xmr:1JSrYzGQ1-TmVFAHgttazkJb43jT4d6NclpNRtD_99GNGtBX9CRQYsXD8zad0Urld2dUCC4RNPZHTCzFR6mRCyWK0ujaUWnhR-206YUr4hao8NLcgVG5clps>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedriedugdeftdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtggfuhfgjffevgffkfhfvofesthhqmhdthhdtjeenucfhrhhomhepofgrrhhk ucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrdhnvghtqeenucggtffrrghtth gvrhhnpedttddufeeuudelgeehjeelheejudefieeuleevleegfeehfeejgefgiedvvdeu ueenucffohhmrghinhepihgvthhfrdhorhhgpdgrphhplhgvrdgtohhmpdhhthhtphdrsg gvshhtpdhgihhthhhusgdrtghomhdpmhhnohhtrdhnvghtnecuvehluhhsthgvrhfuihii vgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:1JSrYwTXY8sFqyTtwzOKA2c5XQ43m4o6rTRNpPB15jZKyPeYUarykQ> <xmx:1JSrYwzpoziNQJv1c1lr3wrAs3QAq7y4KOcfU7Mbi5Ygg3FvZuGcVA> <xmx:1JSrY26eISHs_kwNzAgZ7n3h0hGfnmkK6ybnK5cbB3qJqOslQ-40XQ> <xmx:1JSrY2YiutAq-GBT3Q0lIarfDpk9y5MNnP0g4H1aHHdtARZPcPtkvQ>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 27 Dec 2022 19:58:58 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.300.101.1.3\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <D7F36608-94A2-449A-B3D8-83DF2E8A0AF1@mnot.net>
Date: Wed, 28 Dec 2022 11:58:35 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BD95FC9C-D05F-4505-BDA0-D4912178ADAC@mnot.net>
References: <4D32628F-B514-4B9E-9F50-9FDA652A59B6@apple.com> <B18ACDAA-3B4C-48C7-B759-749EDF3FAA4E@apple.com> <C91FC9A7-661D-4E8B-BE09-AD96EE7E3C4C@mnot.net> <BC9076D0-8F74-4D2D-B933-81BE5D1ED52B@apple.com> <D7F36608-94A2-449A-B3D8-83DF2E8A0AF1@mnot.net>
To: Tommy Pauly <tpauly@apple.com>
X-Mailer: Apple Mail (2.3731.300.101.1.3)
Received-SPF: pass client-ip=66.111.4.27; envelope-from=mnot@mnot.net; helo=out3-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=mnot.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1pAKml-00Gqr0-11 7b8c0a4f8cfbf6999592229163882502
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: HTTP Proxy-Status Parameter for Next-Hop Aliases
Archived-At: <https://www.w3.org/mid/BD95FC9C-D05F-4505-BDA0-D4912178ADAC@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40667
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

It seems like there's good support for this, so let's adopt.* Tommy, please submit a -00.

Cheers,


* I read Martin's reply as disinterest and a request for better documentation of use cases, not pushback.



> On 6 Dec 2022, at 3:19 pm, Mark Nottingham <mnot@mnot.net> wrote:
> 
> Tommy et al,
> 
> This draft (or the protocol elements it defines) have been talked about in a few different places, so let's do a Call for Adoption to find out.
> 
> This message opens a Call for Adoption for draft-pauly-httpbis-alias-proxy-status:
>  https://www.ietf.org/archive/id/draft-pauly-httpbis-alias-proxy-status-00.html
> 
> For the purposes of this CfA, assume that the proposed scope of work is as described -- just adding the `next-hop-alias` parameter, with any further work to be taken on separately.
> 
> Please respond to indicate whether you support this work, that scope, and whether you intend to implement or use it.
> 
> The CfA will last for two weeks, ending on 20 December.
> 
> Cheers,
> 
> 
>> On 1 Dec 2022, at 9:13 am, Tommy Pauly <tpauly@apple.com> wrote:
>> 
>> Hello HTTP,
>> 
>> Following up on this discussion, I presented this at Masque at IETF 115, and got the feedback that this would be fit more in HTTP, and also that it should just be a simpler proxy-status parameter to include only the alias name chain (generally, the CNAME chain).
>> 
>> I’ve revised the document, and it’s super short — just defining a “next-hop-aliases” parameter, which is a list of names.
>> 
>> https://www.ietf.org/archive/id/draft-pauly-httpbis-alias-proxy-status-00.html
>> https://datatracker.ietf.org/doc/draft-pauly-httpbis-alias-proxy-status/
>> 
>> There was also discussion in the meeting about having more work on broader solutions to get rich and complex DNS information back from proxies, but I’d like to get this simple proxy-status parameter registered separately. I’d appreciate people’s reviews and thoughts.
>> 
>> Thanks,
>> Tommy
>> 
>> 
>>> On Oct 12, 2022, at 4:02 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>> 
>>> Speaking personally -- I don't have any strong feelings either way, as long as appropriate communication happens. If the use cases are for non-MASQUE proxying too (and it seems like they are), that might tilt it slightly towards HTTP.
>>> 
>>> Cheers,
>>> 
>>> 
>>>> On 11 Oct 2022, at 2:46 am, Tommy Pauly <tpauly@apple.com> wrote:
>>>> 
>>>> Hi HTTP,
>>>> 
>>>> I wanted to share this draft with this group, which I’ve initially started discussion on in MASQUE.
>>>> 
>>>> It’s a simple parameter addition to proxy-status, to let the proxy send back the IP and CNAME/alias chain it used to reach the next hop. This is useful for clients of CONNECT/CONNECT-UDP proxies that want to apply policies to specific IPs and CNAMEs (for tracker detection, cookie rules, etc).
>>>> 
>>>> In addition to any reviews and feedback on the technical content, we’d like to know if this is something that the HTTPbis WG would like to own, or if it is fine letting the work happen in MASQUE and get review from HTTP.
>>>> 
>>>> Best,
>>>> Tommy
>>>> 
>>>>> Begin forwarded message:
>>>>> 
>>>>> From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
>>>>> Subject: [Masque] HTTP Proxy-Status Parameter for DNS Information
>>>>> Date: October 4, 2022 at 12:29:33 PM PDT
>>>>> To: masque@ietf.org
>>>>> 
>>>>> Hello MASQUErs,
>>>>> 
>>>>> I wanted to share this document with this group, since it is mainly applicable to MASQUE-style (CONNECT/CONNECT-UDP) proxies.
>>>>> 
>>>>> Right now, when a client connects to a TCP or UDP server via the proxy using a hostname in the request, it doesn’t perform its own DNS, and thus doesn’t learn about the IP address of the server it ultimately is connected to, or the CNAME / AliasMode chain that was used to get to the IP address of the server. That’s generally fine, but there are use cases where clients may want to know the IP address or CNAMEs to detect cases where trackers are performing CNAME cloaking, etc.
>>>>> 
>>>>> So, this is a very simple proposal to define a new, optional proxy-status parameter that can let MASQUE-style proxies tell clients about the IP address and CNAME chain from DNS.
>>>>> 
>>>>> https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.html
>>>>> 
>>>>> This certainly does not solve all of the use cases where clients may want to know more DNS details (SVCB/HTTPS records for ECH, alpn support, etc), and I expect more work to be needed for those use cases. However, I believe this extra bit of information is something that is incrementally useful, easy to implement, and simple to define.
>>>>> 
>>>>> Thoughts and feedback welcome!
>>>>> 
>>>>> Thanks,
>>>>> Tommy
>>>>> 
>>>>>> Begin forwarded message:
>>>>>> 
>>>>>> From: internet-drafts@ietf.org
>>>>>> Subject: New Version Notification for draft-pauly-masque-dns-proxy-status-00.txt
>>>>>> Date: October 4, 2022 at 11:01:29 AM PDT
>>>>>> To: Tommy Pauly <tpauly@apple.com>
>>>>>> 
>>>>>> 
>>>>>> A new version of I-D, draft-pauly-masque-dns-proxy-status-00.txt
>>>>>> has been successfully submitted by Tommy Pauly and posted to the
>>>>>> IETF repository.
>>>>>> 
>>>>>> Name: draft-pauly-masque-dns-proxy-status
>>>>>> Revision: 00
>>>>>> Title: HTTP Proxy-Status Parameter for DNS Information
>>>>>> Document date: 2022-10-04
>>>>>> Group: Individual Submission
>>>>>> Pages: 5
>>>>>> URL:            https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.txt
>>>>>> Status:         https://datatracker.ietf.org/doc/draft-pauly-masque-dns-proxy-status/
>>>>>> Html:           https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.html
>>>>>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-pauly-masque-dns-proxy-status
>>>>>> 
>>>>>> 
>>>>>> Abstract:
>>>>>> This document defines an HTTP Proxy-Status Parameter that contains
>>>>>> the IP address and CNAME chain received over DNS that was used to
>>>>>> establish the connection to the next hop.
>>>>>> 
>>>>>> Discussion Venues
>>>>>> 
>>>>>> This note is to be removed before publishing as an RFC.
>>>>>> 
>>>>>> Source for this draft and an issue tracker can be found at
>>>>>> https://github.com/tfpauly/privacy-proxy.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> The IETF Secretariat
>>>>>> 
>>>>>> 
>>>>> 
>>>>> -- 
>>>>> Masque mailing list
>>>>> Masque@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>> 
>>> 
>>> --
>>> Mark Nottingham   https://www.mnot.net/
>>> 
>> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email