IETF Logo Mail Archive

[Masque] Comments on draft-pauly-masque-quic-proxy-01.txt

Eric Rescorla <ekr@rtfm.com> Thu, 15 April 2021 17:28 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF3873A2802 for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 10:28:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IcimaAzwoGAM for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 10:28:25 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AC3B3A2801 for <masque@ietf.org>; Thu, 15 Apr 2021 10:28:25 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id x16so25032735iob.1 for <masque@ietf.org>; Thu, 15 Apr 2021 10:28:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=0bg6EizcUEoDbBIsyatzEqvgdqEeA94XdSSTgzoKmGw=; b=Yzg1LLu1AsvcsfwyeETr3AD9DQFSBaFsoJMeLi5ZPTWi6FR6IzF7ouPv7VgFpPVyhJ kGue82eMf7NDHIJsn85HqDFRNGK5npqRW44RTQIQLBBe9uBRA7pvM1RYQH2HUhWc4N7a mDF6boMppkl+OC0QDwYB/D3qdPN35Vbmi7FjYsy4NVBF5T0i0W0n3dOTIe850bl/39eP snS7s/fd9DF0I0zD7NjIfrbATtwpOO2wgOESSkri5loLeyn0HTMu8o+1BX6Z94Wcj+lH vSDZMcj7xDcxy1wfIsBWTIIzEYRHMeUem1QOXc45kWvyb0Yn9J/nk12fhkt/vueXDKyk AS1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0bg6EizcUEoDbBIsyatzEqvgdqEeA94XdSSTgzoKmGw=; b=ueFGrKRhsooW9rwb/KYVF+RMJC/ter0h2UpgizANJOaufQlLbk1hqqYKj1VF7YQtMF /vNs6HBEp2Lz+XL2oiF8FUc00l/XGnu42IM3w5/LTqFSqT4YzHTEAnvUN4uw00auZ0JI Gxd4zORoZzRyI5KM1/ukELEv+Y51NApIq804NHGX28YrYhBy723zpZ1qUldkKAMkorX0 lY5+aEMJK2y7c4krR4PsZGyUHeeXepBC2C9I9ebIQ/8xpw/HBJ/S9JGb5fLVEYyvZY7u SFOdSiVvLxmFFFpJnMDA8KzrTb4kHx7wGXbIjMkNU6oF9yycGaQLZGwz+6ZTXSn4te7O kd2w==
X-Gm-Message-State: AOAM530P6m1dIIz4NNeflMdJn4Cd/8gJKwMph9hL/nQeDwY4t5TPrL+M DgyYapYFl8iHFjBOoxMcDcT9Brolx7+W2w2vWHXgOvCioUvxbRKI
X-Google-Smtp-Source: ABdhPJy3gi0N1A/07n6JVLCekEIEgtXydHtMhSrE46deZP/H7GgYx0ezeOn+uzQ8ixoyuVK8y+fQbK5lC079q9Lvcsc=
X-Received: by 2002:a5d:8855:: with SMTP id t21mr299052ios.98.1618507703379; Thu, 15 Apr 2021 10:28:23 -0700 (PDT)
MIME-Version: 1.0
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 15 Apr 2021 10:27:46 -0700
Message-ID: <CABcZeBOdjGJeKi+oMLWee6WcZ47=KfjrqvfL_7QxA0qkRV61uw@mail.gmail.com>
To: MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ba065e05c00630bc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/1KckWTDM79Ql-0vVOrlfcVEGLGw>
Subject: [Masque] Comments on draft-pauly-masque-quic-proxy-01.txt
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 17:28:31 -0000

Hi folks,

I've reviewed this document. At a high level, I'm unconvinced of the
requirements that lead to this design. I agree that QUIC in QUIC
is going to be common, but ISTM that

First, the Forwarded mode. I have two concerns here:

1. The general thrust of QUIC is to encrypt everything and having the
   non-handshake data in the clear goes against that. It is also much
   more difficult to analyze.

2. This document offers performance as the reason for forwarding mode,
   but I think we should be quite suspicious of such claims without
   strong evidence. The cost of symmetric encryption and decryption in
   modern systems is extraordinarily low [0] especially with hardware
   support, so removing the encryption seems unlikely to materially
   change the performance profile of most proxies.


Second, I'm not really convinced of the need to reuse local host/port
values. We have plenty of experience with TCP proxies that use a
separate port for each connection (this is, after all, what a CDN is
on the back end), and AFAIK that works out mostly OK. You don't
really explain why this is necessary, but I can imagine two
reasons:

1. Port scarcity -- this seems like mostly an IPv4 issue, as you can
   use IPv6 to have an arbitrary number of addresses.

2. Implementation issues around having multiple sockets open -- this
   seems like something that is fixable at the OS level (and again,
   we'll want to for QUIC CDNs), so we don't need to add protocol
   machinery.


Given that much of the complexity of this proposal comes from these
two requirements, ISTM that they require fairly close examination.

If we were to relax both requirements, it seems to me that we could
have a much simpler protocol which was basically QUIC-specific header
compression. I can imagine a number of different ways to implement
this, including pre-registration (the sender tells the receiver about
CIDs in advance) or notification (the receiver tells the sender "I now
know CID X and you can compress it with label Y"). Note that we could
probably just fold such a compression scheme into whatever (if
anything) we did for IP header compression.

If we only relax the forwarding requirement, then we would still
need some mechanism to mux multiple clients on the same host/port
quartet. I can imagine a number of angles here:

1. The design you have in which the client has to pre-register
   each receiving CID.
2. A design in which the proxy provides part of the CID or
   tells the client how to construct them. This would have
   the advantage that the proxy never told the client "no",
   which simplifies the client logic [1].
3. Require the clients to use high entropy CIDs (made easier
   with header compression) and just assume that conflicts
   are errors.

-Ekr

[0] It's quite old, but see:
https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

[1] And testing, as CID collisions will be very rare.

v2.23.0 | Report a Bug | By Email