[Masque] QUIC proxy scenarios

Christian Huitema <huitema@huitema.net> Tue, 21 May 2019 09:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/8OqUa3NMlwaqreMJSp4AtFLI8QI>

During the first day of the QUIC interop in London, we discussed the
scenarios for a QUIC proxy. This is what I am looking at:


# Scenarios

## Home Server Scenario

Home server establishes QUIC connection with proxy server "in the
cloud", publishes name in DNS with address of cloud server.
Client sends QUIC messages to proxy.
Proxy recognizes the SNI in Initial packets, or the Destination CID in
handshake and short packets.
Proxy forwards packets to QUIC server as "datagram".
Home server treats packets as if received on a UDP socket.
Home server forwards packets to proxy as datagram.
Proxy relays QUIC packets to the client.

Optional: QUIC server may use the "preferred address" mechanism to
suggest migration to a direct connection, bypassing the proxy.
Optional: local clients may discover the local server, without using the
proxy.

## Hidden client scenario

Client establishes connection with proxy. Sends QUIC messages to proxy
as datagrams.
Proxy decapsulates the messages, sends them to destination server.
Destination server replies to proxy.
Proxy examines CID, determines which client it belongs to, forwards QUIC
messages as Datagrams to appropriate destination.
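Both the home-server and hidden-client scenarios above have the proxy pick a tunnel by looking at the Destination Connection ID of a packet it cannot decrypt. The following is an added illustration, not code from the original message or from any MASQUE implementation; it assumes the QUIC version 1 header layout (RFC 9000) and that the proxy imposes one fixed CID length on the short-header packets it relays (hypothetical `ProxyRouter`, `parse_dcid`).

```python
from typing import Dict, Optional

LONG_HEADER_BIT = 0x80  # set in the first byte of Initial/Handshake/0-RTT/Retry


def parse_dcid(packet: bytes, short_dcid_len: int) -> bytes:
    """Return the Destination Connection ID of a QUIC v1 packet.

    Long header : flags(1) | version(4) | dcid_len(1) | dcid | scid_len(1) | scid ...
    Short header: flags(1) | dcid (length fixed by the endpoint that issued it;
                  here supplied by the proxy, which chooses it for its tunnels)
    The payload stays encrypted; only the cleartext header prefix is read.
    """
    if not packet:
        raise ValueError("empty datagram")
    if packet[0] & LONG_HEADER_BIT:
        if len(packet) < 6:
            raise ValueError("truncated long header")
        dcid_len = packet[5]
        dcid = packet[6:6 + dcid_len]
    else:
        dcid_len = short_dcid_len
        dcid = packet[1:1 + dcid_len]
    if len(dcid) != dcid_len:
        raise ValueError("truncated DCID")
    return dcid


class ProxyRouter:
    """Maps CIDs to tunnel endpoints (home servers, or hidden clients for replies)."""

    def __init__(self, cid_len: int) -> None:
        self.cid_len = cid_len
        self.routes: Dict[bytes, str] = {}

    def register(self, dcid: bytes, endpoint: str) -> None:
        # Learned from the SCID the tunneled endpoint advertised in its own packets.
        self.routes[dcid] = endpoint

    def route(self, packet: bytes) -> Optional[str]:
        """Tunnel endpoint for this packet, or None if unparseable or unknown (drop)."""
        try:
            dcid = parse_dcid(packet, self.cid_len)
        except ValueError:
            return None
        return self.routes.get(dcid)


# Constructed sample packets: an Initial with DCID 01020304, and a short-header
# packet with DCID 09090909 (flag bytes only; payloads are irrelevant here).
INITIAL = bytes([0xC3, 0, 0, 0, 1, 4, 1, 2, 3, 4, 2, 0xAA, 0xBB])
SHORT = bytes([0x40, 9, 9, 9, 9, 0x55, 0x66])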

## Onion scenario

Client establishes connection to proxy, then through that to another,
etc. This creates a tree of proxies rooted at the client.
QUIC connections are mapped to a specific branch of the tree.

Hidden server can similarly hide between several layers of proxy. Hidden
servers should not publish their address in the DNS.
May use an Onion DHT service instead (see Tor ".onion"), or in fact any
other mechanism. This is out of scope in this spec.

-- Christian Huitema