Fwd: [Masque] HTTP Proxy-Status Parameter for DNS Information
Tommy Pauly <tpauly@apple.com> Mon, 10 October 2022 15:49 UTC
From: Tommy Pauly <tpauly@apple.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Date: Mon, 10 Oct 2022 08:46:01 -0700
Archived-At: <https://www.w3.org/mid/B18ACDAA-3B4C-48C7-B759-749EDF3FAA4E@apple.com>
Hi HTTP,

I wanted to share this draft with this group, which I’ve initially started discussion on in MASQUE. It’s a simple parameter addition to proxy-status, to let the proxy send back the IP and CNAME/alias chain it used to reach the next hop. This is useful for clients of CONNECT/CONNECT-UDP proxies that want to apply policies to specific IPs and CNAMEs (for tracker detection, cookie rules, etc).

In addition to any reviews and feedback on the technical content, we’d like to know if this is something that the HTTPbis WG would like to own, or if it is fine letting the work happen in MASQUE and get review from HTTP.

Best,
Tommy

> Begin forwarded message:
>
> From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
> Subject: [Masque] HTTP Proxy-Status Parameter for DNS Information
> Date: October 4, 2022 at 12:29:33 PM PDT
> To: masque@ietf.org
>
> Hello MASQUErs,
>
> I wanted to share this document with this group, since it is mainly applicable to MASQUE-style (CONNECT/CONNECT-UDP) proxies.
>
> Right now, when a client connects to a TCP or UDP server via the proxy using a hostname in the request, it doesn’t perform its own DNS, and thus doesn’t learn about the IP address of the server it ultimately is connected to, or the CNAME / AliasMode chain that was used to get to the IP address of the server. That’s generally fine, but there are use cases where clients may want to know the IP address or CNAMEs to detect cases where trackers are performing CNAME cloaking, etc.
>
> So, this is a very simple proposal to define a new, optional proxy-status parameter that can let MASQUE-style proxies tell clients about the IP address and CNAME chain from DNS.
>
> https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.html
>
> This certainly does not solve all of the use cases where clients may want to know more DNS details (SVCB/HTTPS records for ECH, alpn support, etc), and I expect more work to be needed for those use cases. However, I believe this extra bit of information is something that is incrementally useful, easy to implement, and simple to define.
>
> Thoughts and feedback welcome!
>
> Thanks,
> Tommy
>
>> Begin forwarded message:
>>
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-pauly-masque-dns-proxy-status-00.txt
>> Date: October 4, 2022 at 11:01:29 AM PDT
>> To: Tommy Pauly <tpauly@apple.com>
>>
>> A new version of I-D, draft-pauly-masque-dns-proxy-status-00.txt
>> has been successfully submitted by Tommy Pauly and posted to the
>> IETF repository.
>>
>> Name: draft-pauly-masque-dns-proxy-status
>> Revision: 00
>> Title: HTTP Proxy-Status Parameter for DNS Information
>> Document date: 2022-10-04
>> Group: Individual Submission
>> Pages: 5
>> URL: https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.txt
>> Status: https://datatracker.ietf.org/doc/draft-pauly-masque-dns-proxy-status/
>> Html: https://www.ietf.org/archive/id/draft-pauly-masque-dns-proxy-status-00.html
>> Htmlized: https://datatracker.ietf.org/doc/html/draft-pauly-masque-dns-proxy-status
>>
>> Abstract:
>> This document defines an HTTP Proxy-Status Parameter that contains
>> the IP address and CNAME chain received over DNS that was used to
>> establish the connection to the next hop.
>>
>> Discussion Venues
>>
>> This note is to be removed before publishing as an RFC.
>>
>> Source for this draft and an issue tracker can be found at
>> https://github.com/tfpauly/privacy-proxy.
>>
>> The IETF Secretariat
>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
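Added example (not part of Tommy's message or of the draft): a client-side check, in Python, for the policy use case the message describes. It parses a Proxy-Status response header as a Structured Field List (RFC 9209 on top of RFC 8941), reads RFC 9209's existing next-hop parameter for the address the proxy actually connected to, and reads the alias chain from a parameter assumed here to be named next-hop-aliases (a placeholder, since the draft's exact parameter name does not appear on this page). A requested hostname whose CNAME chain crosses into a different registrable domain that appears on a tracker list is flagged as CNAME cloaking. The header values, tracker list and blocked-IP set are constructed test data.

```python
"""Client-side policy over the DNS information a CONNECT proxy reports in
Proxy-Status. Added example, not code from the e-mail or the draft.

Assumptions: `next-hop` is the RFC 9209 parameter; the alias chain lives in
a comma-separated String parameter assumed to be named `next-hop-aliases`;
all header values below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Union

# Subset of RFC 8941 that Proxy-Status needs: a List of sf-tokens, each with
# ";key" or ";key=value" parameters whose values are sf-strings or sf-tokens.
_TOKEN = r"[A-Za-z*][A-Za-z0-9:/!#$%&'*+\-.^_`|~]*"
_ITEM_RE = re.compile(r"\s*(" + _TOKEN + r")")
_PARAM_RE = re.compile(
    r"\s*;\s*([a-z*][a-z0-9_\-.*]*)"                      # parameter key
    r'(?:=(?:"((?:[^"\\]|\\.)*)"|(' + _TOKEN + r")))?"    # optional value
)
_SEP_RE = re.compile(r"\s*,\s*")


@dataclass
class ProxyStatusEntry:
    proxy: str                                   # intermediary identifier
    params: Dict[str, Union[str, bool]] = field(default_factory=dict)


def parse_proxy_status(value: str) -> List[ProxyStatusEntry]:
    """Return one entry per intermediary, in header order."""
    entries: List[ProxyStatusEntry] = []
    pos = 0
    while pos < len(value):
        m = _ITEM_RE.match(value, pos)
        if not m:
            raise ValueError(f"bad Proxy-Status item at offset {pos}")
        entry = ProxyStatusEntry(m.group(1))
        pos = m.end()
        while (pm := _PARAM_RE.match(value, pos)):
            key, quoted, token = pm.groups()
            if quoted is not None:
                entry.params[key] = re.sub(r"\\(.)", r"\1", quoted)  # unescape \" and \\
            else:
                entry.params[key] = token if token is not None else True  # bare key == true
            pos = pm.end()
        entries.append(entry)
        sep = _SEP_RE.match(value, pos)
        if sep:
            pos = sep.end()
        elif value[pos:].strip():
            raise ValueError(f"unexpected text at offset {pos}: {value[pos:]!r}")
        else:
            break
    return entries


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). A real client should consult the
    Public Suffix List; this is enough for the constructed data here."""
    labels = host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def alias_chain(entry: ProxyStatusEntry) -> List[str]:
    """Alias names the proxy reports for this hop, in resolution order."""
    raw = entry.params.get("next-hop-aliases")  # assumed parameter name
    if not isinstance(raw, str):
        return []
    return [h.strip().rstrip(".").lower() for h in raw.split(",") if h.strip()]


@dataclass
class Verdict:
    cloaked: bool = False            # first-party name aliased into a tracker domain
    matched_alias: Optional[str] = None
    next_hop: Optional[str] = None   # address/host the proxy actually reached
    ip_blocked: bool = False


def check_next_hop(requested_host: str, proxy_status_value: str,
                   tracker_domains: Set[str],
                   blocked_ips: FrozenSet[str] = frozenset()) -> Verdict:
    """Apply IP and CNAME policy to what the proxy reported for a CONNECT.

    The client never resolved `requested_host` itself, so Proxy-Status is its
    only view of the DNS path. Every entry is inspected because each
    intermediary appends its own next-hop information."""
    first_party = registrable_domain(requested_host)
    verdict = Verdict()
    for entry in parse_proxy_status(proxy_status_value):
        hop = entry.params.get("next-hop")
        if isinstance(hop, str):
            verdict.next_hop = hop
            verdict.ip_blocked |= hop in blocked_ips
        if verdict.cloaked:
            continue
        for alias in alias_chain(entry):
            rd = registrable_domain(alias)
            if rd != first_party and rd in tracker_domains:  # cross-site alias
                verdict.cloaked, verdict.matched_alias = True, alias
                break
    return verdict


# Constructed sample: the client asked to CONNECT to metrics.shop.example and
# the proxy reports the alias chain it followed plus the address it reached.
SAMPLE_HEADER = (
    'proxy.example.net; next-hop="203.0.113.7"; '
    'next-hop-aliases="metrics.shop.example, t1.tracker-cdn.example, '
    'edge7.tracker-cdn.example"'
)
TRACKERS = {"tracker-cdn.example"}

if __name__ == "__main__":
    print(check_next_hop("metrics.shop.example", SAMPLE_HEADER, TRACKERS))
```

The comparison against the first-party registrable domain is what separates a benign same-site CDN alias from a cross-site tracker; without it every CNAME would trip the check. Because the alias chain is reported by the proxy rather than observed by the client, the client is trusting the proxy's DNS view, which is the same trust it already places in the proxy for the connection itself.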
- Fwd: [Masque] HTTP Proxy-Status Parameter for DNS… Tommy Pauly
- Re: [Masque] HTTP Proxy-Status Parameter for DNS … Mark Nottingham
- HTTP Proxy-Status Parameter for Next-Hop Aliases Tommy Pauly
- Re: HTTP Proxy-Status Parameter for Next-Hop Alia… Glenn Strauss
- Re: HTTP Proxy-Status Parameter for Next-Hop Alia… Erik Nygren
- Call for Adoption: HTTP Proxy-Status Parameter fo… Mark Nottingham
- Re: Call for Adoption: HTTP Proxy-Status Paramete… Kazuho Oku
- Re: HTTP Proxy-Status Parameter for Next-Hop Alia… Tommy Pauly
- Re: HTTP Proxy-Status Parameter for Next-Hop Alia… Lucas Pardue
- Re: Call for Adoption: HTTP Proxy-Status Paramete… David Schinazi
- Re: Call for Adoption: HTTP Proxy-Status Paramete… Martin Thomson
- Re: Call for Adoption: HTTP Proxy-Status Paramete… Erik Nygren
- Re: Call for Adoption: HTTP Proxy-Status Paramete… Mark Nottingham