Re: [Masque] Proposed draft charter

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Mon, 27 January 2020 15:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/0rqdMFU_ZOIV8PaG5kHtVAtAqDg>

Hi Lars, hi all,

see below.

On 27.01.20, 16:27, "Marcus Ihlar" <marcus.ihlar@ericsson.com> wrote:

    
    -----Original Message-----
    From: Masque <masque-bounces@ietf.org> On Behalf Of Lars Eggert
    Sent: 27 January 2020 15:54
    To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
    Cc: masque@ietf.org
    Subject: Re: [Masque] Proposed draft charter
    
    Hi,
    
    On 2020-1-27, at 16:34, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> wrote:
    > [MK] Only the outer client to proxy connection would be "eliminated".
    
    thanks for clarifying.
    
    So if the concern is for the client-to-proxy part, why does this outer connection need to be QUIC at all? (I think this is also what Marcus described in his reply, i.e., that you could simply run a non-QUIC protocol between the client and proxy on the same five-tuple.)
    
    [MI] One reason for the client-proxy communication to be QUIC-based is that it would allow for both the double encrypted tunneling and the UDP-forwarding modes.
    Also, it is probably a good idea from both privacy and deployment perspectives that the client-proxy communication isn't easy to distinguish from standard QUIC traffic.

[MK] Yes, these are the most important points. The initial use case for MASQUE was obfuscation - so in that case the goal is trying to make MASQUE look as much as possible like any other QUIC traffic on the wire - but there are actually more use cases where the same kind of proxy/tunnel setup would be beneficial, so we extended the scope in the proposed charter, still including obfuscation as one case. When using QUIC, it is especially nice that different QUIC streams within one connection can be used to forward traffic over the same proxy to different target servers (while e.g. SOCKS would use a separate port for each connection, which is then of course visible on the wire), hiding information about the existence of these different connections completely from the respective network segment.

[MK] Further, QUIC provides built-in encryption and authentication. While there are cases where double-encryption of the end-to-end traffic should be avoided, any communication with the proxy directly must be encrypted of course.

[MK] I would say QUIC is simply a nice fit for a transport protocol underneath the proxy protocol we want to work on, providing the features needed for the proxy service like multiplexing, encryption/authentication, and optional datagram support. So why not use it? Further, as the expectation is that in many cases this will especially be used to tunnel QUIC within QUIC, you may need to implement only one stack on the client, and I think this also opens potential for further optimization in the future.

Mirja