Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 07 June 2021 08:15 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dschinazi.ietf@gmail.com" <dschinazi.ietf@gmail.com>
CC: "masque@ietf.org" <masque@ietf.org>, "caw@heapingbits.net" <caw@heapingbits.net>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Date: Mon, 07 Jun 2021 08:15:26 +0000
Message-ID: <21d8fc788051b570768e53d6d9355ed51b423c0a.camel@ericsson.com>
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <746F7E16-37BD-49EF-896A-649D394CCB05@ericsson.com> <CAPDSy+6PjZk0Kea6154V3=GF-8bs+0Mr+FtFfi-girGh3uAVrQ@mail.gmail.com> <3deea8212d66731de5c81abae353f3e9322f2d57.camel@ericsson.com> <CAPDSy+68DoVrRiC7uEn1-Ze_5LDn9mt7-f+ZeovTTYAUh=w2Og@mail.gmail.com>
In-Reply-To: <CAPDSy+68DoVrRiC7uEn1-Ze_5LDn9mt7-f+ZeovTTYAUh=w2Og@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/GnL7kwzwtJKf3LZcj9u8BoVlHVk>
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>

Hi David and WG,

Let me attempt to clarify a bit why I have made the comments I have made. I think they do stem from interpreting the network-to-network use cases as a very general technology and from the perspective of deploying this with clients which the server has limited trust in. I realize that you are likely coming from another perspective, that you only intended to use this in cases where you have fairly high mutual trust between the client and the server. I think that is actually the major difference here and why you below think I am making a circular argument. I think it all stems from a lack of discussion of these use cases and what operational limitations we intended to have on the protocol.

So if the goal here is to have high mutual trust between client and server, then I think a protocol solution may be able to be defined with such an applicability statement and less mandate on necessary protocol mechanisms to protect against malicious peers. I think that is in stark contrast to some of the other use cases where the trust in the client could be rather minimal, like when the client and server relationship is only "this is a paying customer that gets VPN access" and the server has no idea what type of client or implementation the peer is. This basic use case will deploy with an addressing architecture that makes it much less vulnerable to malicious intent at the routing level.

So, can we please discuss what assumption we have on the client and server trust?

I also think your attempt to sweep the addressing schemes to be used by the servers under the rug and not discuss them has hurt the understanding. I at least have been guessing at possible deployment scenarios rather than having openly discussed them in the WG. Yes, they may not need to be detailed in the protocol solution or an architecture document; however, it would have made sense to have some addressing deployment scenarios in this requirements document's use case section to make clear what was intended, because they do influence what is needed for the solution.

Cheers

Magnus