IETF Logo Mail Archive

Re: Interest in a UDP equivalent to the CONNECT method

Ben Schwartz <bemasc@google.com> Sun, 04 February 2018 16:23 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64029127201 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 4 Feb 2018 08:23:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k617eRkDmtqF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 4 Feb 2018 08:23:13 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4A291271FD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 4 Feb 2018 08:23:12 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1eiN1l-0008UO-CV for ietf-http-wg-dist@listhub.w3.org; Sun, 04 Feb 2018 16:20:25 +0000
Resent-Date: Sun, 04 Feb 2018 16:20:25 +0000
Resent-Message-Id: <E1eiN1l-0008UO-CV@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <bemasc@google.com>) id 1eiN1b-0008Tc-9J for ietf-http-wg@listhub.w3.org; Sun, 04 Feb 2018 16:20:15 +0000
Received: from mail-it0-f41.google.com ([209.85.214.41]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <bemasc@google.com>) id 1eiN1Z-0001tT-Fv for ietf-http-wg@w3.org; Sun, 04 Feb 2018 16:20:14 +0000
Received: by mail-it0-f41.google.com with SMTP id h129so13202840ita.2 for <ietf-http-wg@w3.org>; Sun, 04 Feb 2018 08:19:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Zz0Q6rQKkkXTa/FjNiGnASKTQpCEsdohS/TeO4VBFcM=; b=EtU4zDRg8Oc9St0RT3Yv8WPW95tFtCp7TJNEav0R0P1qXfwrhs8CvD+lLcof+nNhk9 096h/Of4tP8Be9u7Pt8tMYFQWRAVlL1URblud4sVidZLvX84UTuGRznAXMZSr4y172CB fv7Dfl0DYD+SMoNGqZtMw6wU80Y1oDrLcTmNROzguO34BBHWUNDHkiC/dgFGIhigz6Z7 Nv1u55B5b2/gdcHS7IJgM7yUywKH6yPXi1G8sg8IJpM5059tNbZ8pDC2IZLArr3GEPDr BYisRDyQkdfTQGGPbkBaEWOTbxqyrOr5wyj31uvFMyuoZgYd+3c/FXptXaYwBgvansB9 AKbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Zz0Q6rQKkkXTa/FjNiGnASKTQpCEsdohS/TeO4VBFcM=; b=NR2/ZTk6DcZ0XRiyz5FcympGtGOEbSN/oeEDGflI3m14nKHzQEOeEdfGWNFsl0r/AE R5p3CmLRbXnNFRHfrfUiDWGjyUmR+uBHlzJ44ryxxcdrMiRX1t/TZsZ/dChVIX8/riGD sK7Hqb4EEemZKplR7Q028TY3G5Uf8pGjzHXroVlaZ0MDxB/qGBXPR46x13DrlrIcXMDl ArQp9JWHhk3rpTYUYR8SG9SbLCvL50X4tk9iy6f3NtgNCcn9vgLr9Cz7syxo65zog1Ty Vt7xw/WBZIAROeL6tOKBHAhZkBewc29GDSj2Cl2jMEQZPso8lSsfZm0yoBmPEnyohcnM n/pw==
X-Gm-Message-State: AKwxyte+nB+mJdfhwriidijni8KLogdQVDvLchKmsqI0/Mb5Vzaz6eAw Jkwv1WuJ+ilhhU+5abH5a95sbYQLzrhivp0DGr5rhg==
X-Google-Smtp-Source: AH8x226QaoF8rlTrEWhdfKs3PclUVxvQwppY4uS0Sht78dhWc62u0ei8OCTxvWMHBOcrWXRyATvgncNcLk/vSeZ/pg0=
X-Received: by 10.36.178.18 with SMTP id u18mr31320640ite.8.1517761192186; Sun, 04 Feb 2018 08:19:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.164.160 with HTTP; Sun, 4 Feb 2018 08:19:51 -0800 (PST)
In-Reply-To: <7CF7F94CB496BF4FAB1676F375F9666A3BACAEC5@bgb01xud1012>
References: <7CF7F94CB496BF4FAB1676F375F9666A3BACADD6@bgb01xud1012> <20180203154250.GA28930@LK-Perkele-VII> <7CF7F94CB496BF4FAB1676F375F9666A3BACAEC5@bgb01xud1012>
From: Ben Schwartz <bemasc@google.com>
Date: Sun, 04 Feb 2018 11:19:51 -0500
Message-ID: <CAHbrMsCTV3OyMNhroSOGBWzH+NhSSDG2Qp4+TpkD2b=kTkV9sg@mail.gmail.com>
To: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
Cc: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="f403045d99eac0132b05646550f1"
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: AWL=-0.077, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1eiN1Z-0001tT-Fv 1fcf3cf5d1ccfb0f8b070d1ca944e583
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Interest in a UDP equivalent to the CONNECT method
Archived-At: <https://www.w3.org/mid/CAHbrMsCTV3OyMNhroSOGBWzH+NhSSDG2Qp4+TpkD2b=kTkV9sg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/35081
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

In my view, a UDP counterpart to CONNECT ought to work not only for
HTTP/QUIC but also for WebRTC.  That means that it should have the ability
to receive packets from unexpected sources, as the remote party's effective
address may not be known in advance.  I don't know how to map that semantic
into HTTP/2 frames.

On Sun, Feb 4, 2018 at 9:54 AM, Lucas Pardue <Lucas.Pardue@bbc.co.uk> wrote:

> Hi Ilari,
>
> Thanks for the comments. To be clear, the intent is to emulate the use of
> CONNECT as far as possible. The details of how CONNECT is used across
> HTTP/1.1, HTTP/2 and HTTP/QUIC varies a little but the main gist is similar.
>
> Ilari Liusvaara wrote:
>
> > Why you are assuming the data has anything to do with TLS? What would be
> > the other endpoint of the TLS link? If it is the proxy, that seems overly
> > complicated, as things can be keyed easier. If remote server, I do not
> think
> > there are any programmatically understandable ways of using TLS in this
> > scenario. And then there are protocols that use DTLS or something else to
> > secure themselves.
>
> My main experience is with HTTP/QUIC so I gave that as an example. In
> simple terms, the client using the proxy begins a TLS 1.3 negotiation over
> UDP with the remote host, once keys are exchanged protected QUIC packets
> are used.
>
> > There are UDP protocols that absolutely rely on segmentation, so the
> > segmentation needs to be preserved. I think DTLS 1.3 (as currently
> > drafted) is actually one of those protocols.
>
> Noted.
>
> > 1:1 frame translation would be possible in HTTP/2 and QUIC (obviously
> not in
> > HTTP/1.1). However, it would change semantics of the DATA frames from
> > just being fragments of stream to meaningful units in themselves.
>
> I think this is already true of HTTP/2 and CONNECT. RFC 7540 section 8.3
> states that on the stream that initiated the CONNECT request, DATA frames
> have a new meaning, they correspond to data sent on the (remote) TCP
> connection.
>
> For HTTP/QUIC, I would imagine that a client packages QUIC packets
> targeting the remote host within DATA frames. The proxy unframes these and
> forwards them on, and vice-versa.
>
> > Also, it seems to me that using any reliable streaming protocol would run
> > contrary to reasons applications are using UDP. TCP is so much easier
> than
> > UDP! Granted, the unpredictable delays would be much smaller. I am not
> > quite sure if QUIC plans to have unreliable streams for the first
> version or
> > not.
>
> Ben made the same point so perhaps I'm not understanding the issue. As I
> understand it, if you are using a protocol on top of UDP that requires
> reliability, then you need to provide that. E.g in the HTTP/QUIC use case
> QUIC provides the reliability assurances.
>
> > > The handling of UDP "closure" is a problem area that needs more
> > > thought.
> >
> > I thought UDP has no "closure". You mean client or proxy shutting down
> the
> > listener (so to free the proxy resources)?
> >
>
> I'm open to input here.
>
> Kind regards
> Lucas
>
>
> -----------------------------
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and
> may contain personal views which are not the views of the BBC unless
> specifically stated.
> If you have received it in
> error, please delete it from your system.
> Do not use, copy or disclose the
> information in any way nor act in reliance on it and notify the sender
> immediately.
> Please note that the BBC monitors e-mails
> sent or received.
> Further communication will signify your consent to
> this.
> -----------------------------
>

v2.23.0 | Report a Bug | By Email