IETF Logo Mail Archive

Re: [Masque] Proposed draft charter

Marcus Ihlar <marcus.ihlar@ericsson.com> Mon, 27 January 2020 14:37 UTC

Return-Path: <marcus.ihlar@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEB3C12008D for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 06:37:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5pVZYfaTMFmN for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 06:37:04 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60052.outbound.protection.outlook.com [40.107.6.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B12EF12004F for <masque@ietf.org>; Mon, 27 Jan 2020 06:37:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kqfbpp7NBffA27cB6uwQ+YGh3ugphtJhsUki3jg8SMvUTHbgCGR3HRBs4WJJvyDRSwZdFaladc814MQfLxUpCA1Wu+rRljmsll/PhE/LXikZsSIfCY+vdF9HMTD4sWNRCQCfDQaGCM5VuIUBPy1e2N1KOrRkCK6T8mKXgy+7WiLqs6w7T3rDx02/wTvA54MM/pvIF15sQPPfgAK9MgO+8gKx960BR8eJprSzwh4w15t1zSSUSR3Vd2bJrss2bDBJZzaUQRPUszVgzMnAGMWkYcWsCCzlcpty7MA0b3okM/VgV91WDMn1f0g/8H92yNTQjdTFjlCAubF4QdDOUpjo5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ScOPHOwGfksbMuUKrpc2j6rbFc6T6NmU+MnUsAxNag=; b=AysOOaKe6/RIZ5DSiEw3KA96O6C/tS4MEoUZrhYMNcnf0fPyyoigoiqKoh/2mCiRxk81MUe/v25xU9NC+lMJ3RLJErYhViDRU35xU9NxcepEUu/qhi1zVD5jJVRdTn/WhlDjB4Yk8oRPCxJGZmOsYj+UpK1UPbWgQckMOmEGv8CXvYwnYQcJMw00XxMQNvj5247vjK2SQLDqfSLS1FiAel4/zcjQHcROirEJWCiet5pO6V3oWZHY0ORMEqafS497ywhZSSChlh8Agatw6VUTZSOTCPF5zLGz2ioVg5NkCTmmOs+f0egBQFoqkp8H9aPr9F4Mub8klOHawfbrUFevlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ScOPHOwGfksbMuUKrpc2j6rbFc6T6NmU+MnUsAxNag=; b=ko/m+5l/ihWLMnXOlkqKNEHMI0VrHke5ZVpyoehFZs9oCzV7dDvv7vOGvif+wAsVHYA4WmGdzpz/W2KDTixnazjEeaiXYaSqAGI9UD4c3a7A4t2x29wc9uFznFQZ7FegUEjxwF9mPI5BWGhyJ83eFFHN0smi0HqCN/DG91YiXUQ=
Received: from AM0PR07MB4161.eurprd07.prod.outlook.com (52.133.54.154) by AM0PR07MB4643.eurprd07.prod.outlook.com (52.135.150.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.12; Mon, 27 Jan 2020 14:37:01 +0000
Received: from AM0PR07MB4161.eurprd07.prod.outlook.com ([fe80::ccce:fe92:e621:a264]) by AM0PR07MB4161.eurprd07.prod.outlook.com ([fe80::ccce:fe92:e621:a264%3]) with mapi id 15.20.2686.019; Mon, 27 Jan 2020 14:37:01 +0000
From: Marcus Ihlar <marcus.ihlar@ericsson.com>
To: "lars@eggert.org" <lars@eggert.org>, "mirja.kuehlewind=40ericsson.com@dmarc.ietf.org" <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
CC: "masque@ietf.org" <masque@ietf.org>
Thread-Topic: [Masque] Proposed draft charter
Thread-Index: AQHV0w4aBWkpAZDWB0m+dMAczIB7OKf+HuIAgABtuAD///iXgIAAB+aw
Date: Mon, 27 Jan 2020 14:37:01 +0000
Message-ID: <AM0PR07MB41614795B6551F0EE31328D2E20B0@AM0PR07MB4161.eurprd07.prod.outlook.com>
References: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com> <B5A0CBC5-6127-4F47-B1CC-2BFF4934EA62@eggert.org> <0E417F05-7EB0-42DE-B120-51873E9F464C@ericsson.com> <CC941298-36BC-4C97-AB3D-5993A3F2FB73@eggert.org>
In-Reply-To: <CC941298-36BC-4C97-AB3D-5993A3F2FB73@eggert.org>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=marcus.ihlar@ericsson.com;
x-originating-ip: [192.176.1.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 13f9f0c6-b710-4008-4516-08d7a3365f26
x-ms-traffictypediagnostic: AM0PR07MB4643:
x-microsoft-antispam-prvs: <AM0PR07MB4643D7057587F8D2BC30EAB4E20B0@AM0PR07MB4643.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02951C14DC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(376002)(346002)(396003)(189003)(199004)(6506007)(66946007)(66476007)(55016002)(52536014)(5660300002)(81166006)(66556008)(7696005)(4001150100001)(81156014)(8676002)(64756008)(44832011)(33656002)(76116006)(53546011)(186003)(26005)(8936002)(66446008)(2906002)(110136005)(316002)(86362001)(71200400001)(478600001)(9686003)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB4643; H:AM0PR07MB4161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QuJG6GUxitlmf9f7OgRuoWrhz/OTk39lX8dzfsrOthAaRKDnWu6JCi3i6fIwe9Ww8PBYBAd/LiIyAhTqJnFWPzzrsxKGUm+zLRW2g8xC2mjCvRHkIDpLcnBTg2oVqezHxuNOV4UzJ666dZa8rHuNBH8KQwTBLHKhcZgZBGAw1xmmLOzYvbDYRwdN7DEc7ZvYZAHHM/27HG14Ra1z63nTWQbHT34NFOOAeKJMI9g3PYJXnqNq3l/synKX/gD1IsRtrfrsf0p583Gsnrd1tZxf196aD+n+Mx/ZBlzy4O+r3l8EHMgf7FHB9Zn3Bu9qieg0fxR7n930Qmn40vQH1osWU0ppBUPXlhQQbIwR/iEFHRnVhMechLFISQx9mOwR+yVzRolZA/KmVWNdQ0ReirRgflwC8QSQXU4vHo6LABDEp3ZbRH01TrcMo5GEsiBf0wXv
x-ms-exchange-antispam-messagedata: GdNTp6xKTJ1/BubbwCPa0F7KrB/Yq6oQPkiBftxBIXWLnslQWwmICR1HOpB/4TplpAjz11c///I8+TQU2sHCrPaXhzCAjisZszAxViA7nyJUj1qO9N6Ozux+Yk1vUDe0blEoU3LNFC3hM0hnUnkH/g==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 13f9f0c6-b710-4008-4516-08d7a3365f26
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2020 14:37:01.5170 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9UQ3CA+XfMZEytUonMisPL8XpGGMwIp5Jd6+Eewc1Cp8F1xMqNqL/BRQtxYxCZ5cgUIPaylD2G/tqPaKi5N9YEtRH9Iw0PURD7qB1ffs1ao=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4643
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/FD7lrxSC36LgTaWG0_wPal-P1DI>
Subject: Re: [Masque] Proposed draft charter
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 14:37:06 -0000

Hi,

" There is a client, a proxy, and a server in your scenario. "No data is send unencrypted" does not necessarily mean that the data is end-to-end encrypted between the client and server.

In the double-encryption case, you'd have one TLS session between the client and the proxy, and another one between the client and the server, right? Which one would be eliminated to avoid the double encryption? Would clients need to ship with unencrypted QUIC stacks and need to trust that their proxy throws on the crypto for them?"

As I would like to understand it the most straight forward way to avoid double encryption would be to use the MASQUE server as a UDP proxy or TURN server of sorts. A client and a MASQUE server establish a connection where feature negotiation and other information is exchanged. If double encryption is to be avoided, the client establishes end-to-end encrypted QUIC connections over the same 5-tuple as the client-proxy connection. Instructions to the proxy on where to forward, how to differentiate connections or any other required information would be sent on the client-proxy connection. 
This should have no impact on the QUIC security model.

Marcus

-----Original Message-----
From: Masque <masque-bounces@ietf.org> On Behalf Of Lars Eggert
Sent: den 27 januari 2020 14:28
To: Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
Cc: masque@ietf.org
Subject: Re: [Masque] Proposed draft charter

Hi,

On 2020-1-27, at 14:54, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:
> [MK] The focus of this new group will be a signaling protocol on top of QUIC in order to communicate with the proxy and instruct the proxy to tunnel and forward other (unaltered) traffic that may or may not use QUIC as the end-to-end transport protocol. I think any new protocols that "just" uses QUIC as a transport should be in a separate group.

I agree with that basic approach (that apps that just want to run on vanilla QUIC can be in their own WGs.)

I don't think that this is the case here, however. (Or I am misunderstanding the proposal, which is not unlikely...)

> Of course there might a closer dependency on QUIC features for this proposed work than for other application protocols, however, having the specification of a completely new protocol for proxy signaling in the QUIC group would be a very high load. As Magnus says this work is probably more link SOCKS or TURN, depending how you look at it...

It might be helpful to see an initial solution candidate, so that complexity could be assessed.

> [MK] So there will be no data send unencrypted. The questions is only if there are ways to remove one layer of encryption if there are two. I think we could/should actually further clarify this point in the charter.

And this is why I don't think this is just an application using QUIC. Because the intend seems to be to change the security model of QUIC.

There is a client, a proxy, and a server in your scenario. "No data is send unencrypted" does not necessarily mean that the data is end-to-end encrypted between the client and server.

In the double-encryption case, you'd have one TLS session between the client and the proxy, and another one between the client and the server, right? Which one would be eliminated to avoid the double encryption? Would clients need to ship with unencrypted QUIC stacks and need to trust that their proxy throws on the crypto for them?

> [MK] So far we don't have a fully fleshed proposal but people working on this charter believe that there are use cases where double-encryption could be a strong performance impact and we should discuss while doing this work if there is way also support a mode where double-encryption is avoided or at least performance impact are reduced.

The performance impact at a (double-encrypting) proxy is exactly what it is for a QUIC endpoint, which at the moment depends on how good your AES routines are, and in the future may well become close to zero (when crypto offload becomes available). We're at the moment seeing measurements of ~5Gb/s/core from several different QUIC stacks, so 20 cores (= 1 CPU) give you 100G, which seems OK to me.

> I see this rather as a requirement at the moment and a final decision if and where to do it depend on the proposed approach. Maybe that is also something to clarify in the charter.

To me, this is one of the key questions. I'm opposed to doing any variant of QUIC in the IETF that doesn't have end-to-end encryption. Whether this is in scope or not IMO needs to be clarified now rather than later.

Thanks,
Lars

v2.23.0 | Report a Bug | By Email