Re: [Masque] Erik Kline's No Objection on draft-ietf-masque-connect-udp-14: (with COMMENT)

David Schinazi <dschinazi.ietf@gmail.com> Thu, 16 June 2022 22:41 UTC

References: <165516879058.39452.14276389104602931870@ietfa.amsl.com>
In-Reply-To: <165516879058.39452.14276389104602931870@ietfa.amsl.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 16 Jun 2022 15:41:20 -0700
Message-ID: <CAPDSy+7FhvQCKQ9hdpwfFz_XA_QShffHLs5ErUATe2Dpk9L2JQ@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-masque-connect-udp@ietf.org, masque-chairs@ietf.org, MASQUE <masque@ietf.org>, Eric Kinnear <ekinnear@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/AhDpf0Gk4RM6VfZXT1MCs1sPlyE>
Subject: Re: [Masque] Erik Kline's No Objection on draft-ietf-masque-connect-udp-14: (with COMMENT)
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>

Hi Erik, thanks for your comments.
Responses inline.
David

On Mon, Jun 13, 2022 at 6:06 PM Erik Kline via Datatracker <noreply@ietf.org> wrote:

> ### S3.5
>
> * Should the 2xx discussion here include additional reference to the extended
>   commentary in masque-h3-datagram#section-3.2?
>

Agreed, I've replaced that text with a reference in this commit:
https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/commit/8020b2dc88fd51bc3c10b172bbb85e82a3eda403

> ### S7
>
> * I *really* wish there could be more said about tunnel security.  I was
>   tempted to try to formulate some DISCUSS on the matter, but I cannot
>   seem to see where any more extensive text was ever written for the CONNECT
>   method.
>
>   Nevertheless, there are plenty of concerns that could be mentioned, like
>   what should a proxy do if the target_host is one of its own IP addresses,
>   or a link-local address, and so on.
>
>   I'm not entirely convinced that it suffices to claim that because the
>   tunnel is not an IP-in-IP tunnel certain considerations don't apply.
>   Anything and everything can be tunneled over UDP, especially if RFC 8086
>   GRE-in-UDP is what the payloads carry (or ESP, of course).  It seems like
>   most of the points raised in RFC 6169 apply; perhaps worth a mention.
>
>   But as I said, I think all these concerns apply equally to CONNECT (in
>   principle, anyway), and the text here is commensurate with the text for
>   its TCP cousin (that I could find, anyway).
>

I absolutely agree. I added guidance in the following PR:
https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/pull/179
Could you please take a look and let me know what you think?
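As an added illustration of the target-validation question raised above (this is editorial example code, not text from the draft, the working group's repository, or either participant), the following sketch shows the kind of check a CONNECT-UDP proxy could run before opening a UDP socket toward target_host:target_port. It rejects the proxy's own addresses, loopback, link-local, multicast, unspecified and private/reserved ranges, unwraps IPv4-mapped IPv6 literals so that "::ffff:127.0.0.1" is treated as loopback, and, when target_host is a name, applies the policy to every resolved address. The function names, the injectable `resolver` parameter and the sample proxy addresses are assumptions made for this example; the choice to treat RFC 1918 and documentation ranges as disallowed is a policy assumption, not something the draft mandates.

```python
import ipaddress
import socket
from ipaddress import IPv4Address, IPv6Address
from typing import Callable, Iterable, List, Tuple, Union

# Added example: target validation for a CONNECT-UDP proxy. Not the draft's
# or the working group's code; names, parameters and policy are assumptions.

Address = Union[IPv4Address, IPv6Address]


def _unmap(addr: Address) -> Address:
    """Unwrap an IPv4-mapped IPv6 address (::ffff:a.b.c.d) so IPv4 policy applies."""
    if isinstance(addr, IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def _is_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_address(addr_text: str, proxy_addresses: Iterable[str]) -> str:
    """Return 'allow' or 'reject: <reason>' for a single IP literal."""
    addr = _unmap(ipaddress.ip_address(addr_text))
    own = {_unmap(ipaddress.ip_address(a)) for a in proxy_addresses}
    if addr in own:
        return "reject: proxy's own address"
    if addr.is_unspecified:
        return "reject: unspecified address"
    if addr.is_loopback:
        return "reject: loopback"
    if addr.is_link_local:
        return "reject: link-local"
    if addr.is_multicast:
        return "reject: multicast"
    if addr.is_private:  # policy assumption: RFC 1918, ULA, documentation ranges, etc.
        return "reject: private/reserved-use range"
    if addr.is_reserved:
        return "reject: reserved range"
    return "allow"


def default_resolver(host: str) -> List[str]:
    """Resolve a name to IP literals; only used when no resolver is injected."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_target(
    target_host: str,
    target_port: int,
    proxy_addresses: Iterable[str],
    resolver: Callable[[str], List[str]] = default_resolver,
) -> Tuple[bool, str]:
    """Decide whether the proxy may open a UDP socket toward target_host:target_port.

    Every address a name resolves to must pass; a single disallowed answer
    rejects the whole request. Apply this to the addresses actually handed to
    the socket, not to an earlier lookup, so the check cannot be bypassed by
    a changed DNS answer between validation and connect.
    """
    if not 1 <= target_port <= 65535:  # assumption: port 0 is treated as invalid
        return False, "reject: invalid port"
    proxy_addresses = list(proxy_addresses)
    if _is_literal(target_host):
        candidates = [target_host]
    else:
        try:
            candidates = resolver(target_host)
        except OSError:
            return False, "reject: name resolution failed"
        if not candidates:
            return False, "reject: name resolved to no addresses"
    for candidate in candidates:
        verdict = classify_address(candidate, proxy_addresses)
        if verdict != "allow":
            return False, f"{verdict} ({candidate})"
    return True, "allow"


if __name__ == "__main__":
    # Constructed sample: the proxy listens on one IPv4 and one IPv6 address.
    proxy = ["203.0.113.5", "2001:db8::5"]
    for host, port in [("1.2.3.4", 443), ("203.0.113.5", 443),
                       ("::ffff:127.0.0.1", 53), ("fe80::1", 53)]:
        print(host, port, check_target(host, port, proxy))
```

The IPv4-mapped case is the one most easily missed: a proxy that compares only the textual target_host against its own address list, or that checks `is_loopback` on the IPv6 object without unwrapping, lets "::ffff:127.0.0.1" through as a seemingly ordinary IPv6 target.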