IETF Logo Mail Archive

[Masque] Updated proposed charter text

Christopher Wood <caw@heapingbits.net> Tue, 31 March 2020 16:43 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C4423A23F5 for <masque@ietfa.amsl.com>; Tue, 31 Mar 2020 09:43:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=AlZ1ugDg; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=3SXcLNuM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Ud6j0Ij9RSf for <masque@ietfa.amsl.com>; Tue, 31 Mar 2020 09:43:09 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB5D43A23F9 for <masque@ietf.org>; Tue, 31 Mar 2020 09:43:09 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id E28B55C0324 for <masque@ietf.org>; Tue, 31 Mar 2020 12:43:08 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Tue, 31 Mar 2020 12:43:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:date:from:to:subject:content-type :content-transfer-encoding; s=fm1; bh=VWJmkN5jfCcTTL5f5fd5hlb7La EcbHhKa8YkDh07sQk=; b=AlZ1ugDgGZtg6reh0YDHIVnZOkK1rKtTJxY+goVGr2 SeWHMC/39wGs1FsXRg2xOhWK2+sbvZ9C1ANLU4jguv800XVagEAxfJzSFHspG7v9 D7nctugM4GO4uTG95xKN5CxDe6EjBqmeygsD6fUf1yf286IDU4G125bGoSVnZg9d eLR8tnze2XP5ZSQHbtylBs1/x71FuoeIIxLOIhIeNsbnSzLlNdmyLASewnqaeFRe iomItFNQT8YYNZBOoc74+pgmgVcsIoAy+jeak4b7GP020dquw4oFvi4Wz+CCjXRG bUadeXywE9+uRUMl/k7iG90N1CgJljKI8lRR/pG9rGwA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=VWJmkN 5jfCcTTL5f5fd5hlb7LaEcbHhKa8YkDh07sQk=; b=3SXcLNuM8XRtZ0edP7JxmX ewhfZXnUv8EbT4sztjw/gnjCEh4rJwOUpnBimsV/4ZzujzstSZXYCCRhg5nXJHbl scLWTHNQhfh4Im8pqdgXaNq/6iNqFRFV4lewJn0eCrKRTm+pmfirkwxqSNbxgvwZ v+rRwnnzz11MvkGhRhUINc5+Bi3ml2p/kbEp1h+wlQGIWZGvHEXXHW3nopU6sZgE hu95975taXFPotg9LE/hOn7Yd2r1JxjN+8HAEPWkphNhZ2LuHXM2Fxy7O5rAh3eO HDydFf+Ov4vOvYGxS9fppDG+9mNdIIVv1/ZmMPdhaNsvMBgsg1A2gCsuQjhwcb4w ==
X-ME-Sender: <xms:HHODXl3hKnpks97SQHL9GsXTbGMtNzh5uehKVEG37ANML-W-0doEeA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrtddtgdejudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgfgsehtqhertd erreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehh vggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhephhhtthhptghonhhnvggtth hishgtuhhrrhgvnhhtlhihlhhimhhithgvughtohhttghprdhinhenucevlhhushhtvghr ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsg hithhsrdhnvght
X-ME-Proxy: <xmx:HHODXg9aSW_B5Nq_R6THYySNvWmJtsy3EeuZ9O0HGSEYuQVEnOt4bA> <xmx:HHODXucaRYTNecZC0EH6O3sfNbIxxbwcB3QzyUs7IXgl5F8igH6KrA> <xmx:HHODXkFNj2Kq7fs1_iuCIwHJMnFVbMGDGQ5u_aWDz-f_9I2Km64ZGA> <xmx:HHODXg58Jq99ud2_yiAwJLiozOYnlFx_azBdoHHI8atZFElBJz91jg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 6BF363C00A2; Tue, 31 Mar 2020 12:43:08 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com>
Date: Tue, 31 Mar 2020 09:42:48 -0700
From: Christopher Wood <caw@heapingbits.net>
To: masque@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/7hxRIqKJiqEeW57y-epwb5RVWTo>
Subject: [Masque] Updated proposed charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 16:43:11 -0000

Based on last week's meeting, it seems folks are generally enthusiastic about some form of MASQUE moving forward. To help scope that particular form, here's an update to the proposed charter. 

~~~
Many network topologies lead to situations where transport protocol proxying is beneficial. For example, proxying enables endpoints to communicate when end-to-end connectivity is not possible and can apply additional encryption where desirable (such as a VPN). Proxying can also improve client privacy, e.g., by hiding a client's IP address from a target server.

Proxying technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with their own shortcomings. For example, SOCKS signalling is not encrypted and HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3 is a viable candidate protocol for proxying arbitrary traffic, as it provides secure connectivity, multiplexed streams, and migration for a single connection while taking advantage of a unified congestion controller. HTTP/3 datagrams provide for unreliable data transmission, which enables transporting UDP and other unreliable flows via a proxy without introducing potentially redundant or unnecessary recovery mechanisms. Further, HTTP/3 supports an established request/response semantic that can set up and configure flows for different services.

The primary goal of this working group is to develop mechanisms that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside a HTTP/3 connection. The group will specify an HTTP-based signaling protocol for creating and configuring each service flow. The group will first focus on a limited set of client-initiated services such as IP, UDP, and TCP proxying. Specifying proxy server discovery mechanisms is out of scope for the group. However, the group may specify techniques for identifying proxy servers to aid future discovery mechanisms.

The group will coordinate closely with other working groups responsible for maintaining relevant protocol extensions, such as HTTPBIS, QUIC, or TLS.
~~~

This should address most of the issues raised during the meeting [1]. We'd like to hear what people think about this as a viable path forward.

Thanks,
Chris, on behalf of the chairs

[1] These issues include, though are not limited to:

1. Whether or not this is a new protocol or an extension of an existing protocol must be clear before moving forward.
2. Motivation for proxy technologies requires improvement. In particular, there’s no mention of privacy objectives.
3. The proxy threat model is unclear or underspecified. Does it model Tor’s threat model, or is it something simpler? (Meta question: should this be part of an existing document?)
4. Why are services beyond simple “CONNECT for UDP or IP” in scope? Should we focus on the simple datagram proxy case first and carve out room for extensibility?
5. To what extent is discovery out of scope?
6. Framework is perhaps not the best word to describe MASQUE.

Any errors or omissions from this list are entirely my fault!

v2.23.0 | Report a Bug | By Email