Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
David Schinazi <dschinazi.ietf@gmail.com> Fri, 04 June 2021 15:14 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 000913A1613 for <masque@ietfa.amsl.com>; Fri, 4 Jun 2021 08:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gIHqJFWs93IB for <masque@ietfa.amsl.com>; Fri, 4 Jun 2021 08:14:57 -0700 (PDT)
Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 564513A160D for <masque@ietf.org>; Fri, 4 Jun 2021 08:14:57 -0700 (PDT)
Received: by mail-pg1-x52a.google.com with SMTP id o9so5296942pgd.2 for <masque@ietf.org>; Fri, 04 Jun 2021 08:14:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BseqffH7FTW8f+lkICrL712Dj3JPfaTdG9uPQBlqchQ=; b=X5G4TRkiXfTf2gZJlFdPJN1IF/OvvzQkOHdQUTqN58uI3fqf8LmsFLx2vVSEWkcggP jBT1+IU/rfeDnNLqVL3KWvNxVnbI7PyfJfNJAgmi0A8M8RjAY1xkOEwMiii9IGPnXzhF iLVi6ZXQEpxt7UFq7PEb17Sf6imO5bTLDfDjkAK4/lF5q9ze5p5jRG/8muI/hYZM4Sqd j8VdM7bnCSMuftAgVzf0HV7tplsGepz3fECJ8WdM3U5awmkDkaB399DeWr7iRlzB5EeC cGGY0R8vpZChGHRn5kf3Nwgqq1zqhqoOHlQz4iLlAzXsgnS0NQc/3EFvHHkueQ7XS+71 UzTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BseqffH7FTW8f+lkICrL712Dj3JPfaTdG9uPQBlqchQ=; b=J2tJWdWzuR6+rcgyTuJtEwcW/59JmiUvOtI23uUu4RqdAE3sfvumMoBzeaaywTZCj0 2nPsu9pq5cjQdMrw15TkkNy1dZSQx1Vf1UUeEkOg02XhYeicdV3b+tYATZUgx2t5e2o5 p++K+YLqc68eW4KASta7sMeW1jgKm1ab7oSvw8RauUJleohSBMLrZ8XnEmNBKYWA5C6p rGFqARDDC6haI2Y/pgmy2YXhLFAK0uX1zlqCEwWXztl8ViW58cG+bGthD0zq99shm1RA UGxdn9ijOkQVx0Qjn3YGqnyaxMKWuxkY1kueeoDKQrIa/6mlKtXSKp+iAx3beE90PN7g JrpQ==
X-Gm-Message-State: AOAM532sL1WoJpEEDvi1u9hgrqdRHTA+JTZV9r391Jg1ZDrqroexRGjU WnJtxw6PgYedfHJgJfDYMB7AarNdSvNqIReGlnHVOzQw
X-Google-Smtp-Source: ABdhPJz21fX3wz8/TlGOaibdUN891CGKudH8au5uc93JC3kRqXjFvQiypvMmIkU0zd80hcq+9wap9Clo3Tn90DIhhe4=
X-Received: by 2002:a63:5f8b:: with SMTP id t133mr5388238pgb.411.1622819696069; Fri, 04 Jun 2021 08:14:56 -0700 (PDT)
MIME-Version: 1.0
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <CABcZeBOXLy7VA=t7F5UC-DuKE4NPymOvXThaevKkKD3n_G5RaA@mail.gmail.com> <eda844f5db2a5f19e60a67e79e0509498285ba29.camel@ericsson.com>
In-Reply-To: <eda844f5db2a5f19e60a67e79e0509498285ba29.camel@ericsson.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 04 Jun 2021 08:14:44 -0700
Message-ID: <CAPDSy+7Uoxb+sAxA8shQM2yUgBeMXVanF6YWZdxPM_Jx5PpQGA@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: "ekr@rtfm.com" <ekr@rtfm.com>, "caw@heapingbits.net" <caw@heapingbits.net>, "masque@ietf.org" <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000084cf0505c3f2275c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/H6e-_uPQyU4pcpJ-e4Mz6TF8v-I>
Subject: Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jun 2021 15:15:00 -0000
Hi Magnus, What exactly are you trying to achieve here? It sounds like your only point of disagreement with the WGLC is that you would prefer to have network-to-network be an extension instead of an optional-to-implement part of the core. Because of this very minor detail, you're suggesting large amounts of process like a recharter. We all know that that takes many weeks to accomplish. Can you explain why such a small detail warrants delaying this whole effort? Thanks, David On Fri, Jun 4, 2021 at 7:58 AM Magnus Westerlund <magnus.westerlund= 40ericsson.com@dmarc.ietf.org> wrote: > Hi, > > On Wed, 2021-06-02 at 15:32 -0700, Eric Rescorla wrote: > > > > On Mon, May 31, 2021 at 8:35 AM Magnus Westerlund <magnus.westerlund= > 40ericsson.com@dmarc.ietf.org> wrote: > > Hi, > > I have reviewed the document -02). I have some detailed comments below but > first I have a very high level comment about this document. > > I think it is a mistake to attempt to declare a WG consensus on this > requirement document. I do believe this document contains valuable things > to > consider. However, I do not agree on how it is formulated or what > requirements > level it puts on things or what it means. An example where I see a > significant > issue with how we interpret things would be this from Section 2. > > > Can you elaborate a bit on what you are asking for here? > > The charter says: > The group will focus on a limited set of client-initiated services: (1) > UDP CONNECT and (2) IP proxying. Server-initiated services are out of > scope. > The working group will first deliver a protocol solution for UDP > CONNECT and a requirements document for IP proxying. Once both are > complete, the working group will focus on a protocol solution for IP > proxying. > > > > IOW, this requirements document is prior to working on IP proxying > technically. So, what would you have us to do be able to work on that? > > > I think one way to deal with this is to recharter. But, maybe we can > adjust the document or have additional discussion to create a consensus > here. I think clarifying what is actual common core and what is needed for > specific use cases could be vastly useful. > > And with more voices involved in this we likely can have a rough consensus > that actually is a consensus. > > > > > "This > section discusses some examples of use cases that MUST be supported > by the protocol. Note that while the protocol needs to support these > use cases, the protocol elements that allow them may be optional." > > I think this MUST is quite meaningless in the context of the next > sentence. > For example I am of the opinion that the protocol should not be required > to > support use case 2.4, however I have no issue with the proponents for that > use > case develop an extension. The reason I think it should be an extension in > an > individual document is that in this use case one can assume much less > about > routing, source address validation, and the trust issues for that > information > looks different. So what does it mean that the protocol MUST support 2.4 > if > that is in an extension? Then it is not necessary for it to support and > thus > not a MUST. > > > I don't think this is meaningless. For instance, suppose that I was > writing a requirements document for TLS, I might say "TLS must support > certificate-based client authentication", but any given client or server > might not support that. The first is a requirement on the protocol design, > the second on the implementations. > > > The issue I have I think is that this do require the protocol to have all > these features in place before we can progress the core of the protocol for > approval. Which means that we need to solve all the issues with all the use > cases before the WG can progress. > > > > > This is just one example and I point out more things where I am not > agreeing > on how the requirement is formulated below. I think it is better for the > WG > that we avoid declaring consensus on the requirement document (which we > anyway > not intended to published) and instead use it as a reminder of use cases > and > functionality and then dive into solution that covers these. We can > discuss in > the context of the solution if it is necessary or not to have a particular > feature that enables a particular use cases in the core spec or in a > extension. > > > With the caveat that I am not a huge fan of requirements documents, this > seems like it's just punting all requirements discussions to the protocol > document. If we really don't have consensus on 2.4 (and without taking a > position either way on that), then I would rather bracket that requirement > and declare consensus on what we have. > > > If with "bracketing" means clarify that these are potentially optional > parts then I think that is a reasonable direction. > > > I don't personally strongly desire 2.4 but it's clear to me that 2.4 is an > essential part of operating a large class of corporate VPNs, so if we want > to have a generic VPN protocol, we need it, no? To the extent to which it > is complicated, I would suggest we try to solve it (borrowing from IPsec as > appropriate) and if we discover we cannot within a reasonable period of > time, then we can consider punting it. > > > So I am not objecting to the WG working on 2.4, and as you say it will be > necessary. However, I would strongly prefer to have that functionality > being an extension of a basic core. > > Cheers > > Magnus > -- > Masque mailing list > Masque@ietf.org > https://www.ietf.org/mailman/listinfo/masque >
- [Masque] WGLC for "Requirements for a MASQUE Prot… Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Rescorla
- Re: [Masque] WGLC for "Requirements for a MASQUE … Töma Gavrichenkov
- Re: [Masque] WGLC for "Requirements for a MASQUE … Jana Iyengar
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Thomson
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … Töma Gavrichenkov
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Rescorla
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Duke
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Duke
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mark Nottingham
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Chris Box
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Chris Box
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Kinnear