Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Alex Chernyakhovsky <achernya@google.com> Fri, 04 June 2021 16:30 UTC

From: Alex Chernyakhovsky <achernya@google.com>
Date: Fri, 04 Jun 2021 12:30:10 -0400
Message-ID: <CAHbWFkQ-SRi1ma8U9qEp3wnzbnPJtT=zc95vrKqy2MD-qKb+_g@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, "caw@heapingbits.net" <caw@heapingbits.net>, "masque@ietf.org" <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/DjIr1grf1DJolMCierkn-Zve_vU>

Hi folks,

I do not agree with the premise of making any of the protocol requirements
optional in the way being suggested here. While I am fine
with implementations not supporting every profile, I think it is imperative
that the core protocol be sufficiently flexible to be able to support the
enumerated use cases. I do not believe the complexities being discussed
here will slow down iteration on the protocol, because for the most part,
they are restrictions on what the protocol prohibits (or in the case of source
address validation, out-of-scope policy issues that are not relevant to
this specific protocol design question).

Sincerely,
-Alex

On Fri, Jun 4, 2021 at 11:53 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Fri, Jun 4, 2021 at 7:57 AM Magnus Westerlund <
> magnus.westerlund@ericsson.com> wrote:
>
>> Hi,
>>
>> On Wed, 2021-06-02 at 15:32 -0700, Eric Rescorla wrote:
>>
>
>
>> With the caveat that I am not a huge fan of requirements documents, this
>> seems like it's just punting all requirements discussions to the protocol
>> document. If we really don't have consensus on 2.4 (and without taking a
>> position either way on that), then I would rather bracket that requirement
>> and declare consensus on what we have.
>>
>>
>> If "bracketing" means clarifying that these are potentially optional
>> parts, then I think that is a reasonable direction.
>>
>
> This is what I am suggesting.
>
>
>> I don't personally strongly desire 2.4 but it's clear to me that 2.4 is
>> an essential part of operating a large class of corporate VPNs, so if we
>> want to have a generic VPN protocol, we need it, no? To the extent to which
>> it is complicated, I would suggest we try to solve it (borrowing from IPsec
>> as appropriate) and if we discover we cannot within a reasonable period of
>> time, then we can consider punting it.
>>
>>
>> So I am not objecting to the WG working on 2.4, and as you say it will be
>> necessary. However, I would strongly prefer to have that functionality
>> be an extension of a basic core.
>>
>
> What I am proposing here is that we:
>
> - Mark this requirement as not having consensus in the reqts doc
> - Try to develop it contemporaneously, and if it is done in time, put it
> in the core document and if not, consider an extension.
>
> -Ekr