Re: [Masque] Proposed draft charter
Eric Rescorla <ekr@rtfm.com> Mon, 03 February 2020 10:17 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E807E120077 for <masque@ietfa.amsl.com>; Mon, 3 Feb 2020 02:17:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZw9jITZMf9P for <masque@ietfa.amsl.com>; Mon, 3 Feb 2020 02:17:46 -0800 (PST)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4593B12002E for <masque@ietf.org>; Mon, 3 Feb 2020 02:17:46 -0800 (PST)
Received: by mail-lj1-x22f.google.com with SMTP id d10so13959258ljl.9 for <masque@ietf.org>; Mon, 03 Feb 2020 02:17:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=83fBPifJft1CJEwdxlQDkKPhH1Wc5kD7QlRmauoFsmM=; b=AE5tJsgi5duIDqfDYcD0TrptMQZoPXOo7Ylz8Mozp+9AxKKKiBD1dkL0y4GnCTWj0a 9FPxLLhT3HXRqyq2gEHPJIw2PfL/4eyZSnAQbT7cNEsK8CpiqwZQl0I+KuBCLm5FXn/l heoxQ6626UNgiLmkJ9sF300cqmQnj1jAExCi0yGTxXM8VYIjDP1qOww9FgNCtwvpYQkQ tIwF4mcgVMu/3uo4yDZ1zMLNrw5JRXvIC0Tn7jiUhvO3vIUDNuGGIZz/tFcrqItx4Onc We1x2nEInywqeLNAHKWoShfMWahk2YCI205KRt9eF5JpQ5Ag/E7FFK12ECGsNH2IYVlx Z+bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=83fBPifJft1CJEwdxlQDkKPhH1Wc5kD7QlRmauoFsmM=; b=C3oOspVRcPkAcYNu/Re3P8RgJUiBn+xwCgsn83B4H+4WiwgQzm4VEvZQAIFX2rWSLA I1RBGWLuTAGurDy2jMtiu4zxXPLotxmpZE1ue/ov//U5EEeQq//qDmZ2Nv2DaWgQim85 B6ixJH5INHwpEOTwtEyD4VhCz09ACmVYyN/dZmiaD1gyLUOSUAuW54SWkxFB3ydjAU+N evCveAoDwUxLXD7uTxREWL+WALKJcEK/43eLtyQtc+gMaTyUay8dCyWdB+dz35gKQLwT 6UzjNtulpYrDGhbqCwPiI9p0yMRZbDmSEGnjxxk0u5UVHF9G2bEiivx3/HdznK8PrIoh 8B9Q==
X-Gm-Message-State: APjAAAX3YkTNwmdoynS9MNHhOUHYrJmjrpUg0aGcRrG1ZeJ+rXp3K3Oe cHwtGXS7NS10XyIPSBjh/y3HTw3E5wf+6Vcq22eBEWOtUJQfhQ==
X-Google-Smtp-Source: APXvYqzJwbTLvbjn0Z/SlZ/xzi878xDTRt0DUFxNB9BQ6QLRHlYMr17SVYGjKRWwVI4WOv7H3WxGweILrvTCZKMvuEI=
X-Received: by 2002:a2e:9b12:: with SMTP id u18mr13429241lji.274.1580725064379; Mon, 03 Feb 2020 02:17:44 -0800 (PST)
MIME-Version: 1.0
References: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com>
In-Reply-To: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 03 Feb 2020 02:17:08 -0800
Message-ID: <CABcZeBOJtyaa+J9PqoEZ7n8QahFy4n8nbBaCwUd0W+1BoMNnZQ@mail.gmail.com>
To: Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
Cc: "masque@ietf.org" <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f35604059da93b97"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/Ib3z9wXGaItmn93RXuzb2dRb9zo>
Subject: Re: [Masque] Proposed draft charter
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 10:17:49 -0000
Hi folks, I have reviewed this charter and I fear that it is going in the wrong direction. When MASQUE was first proposed, it was conceptually simple: effectively an HTTP CONNECT tunnel but (1) Implemented over QUIC/H3 rather than H1/H2 (2) Allowing for non-TCP protocols to be carried over the tunnel. IOW, it was an application-level VPN. This is something that clearly has a number of valuable uses cases. To name two real-world applications where this would be valuable: 1. Tor has repeatedly discussed converting from their TCP-based protocol to something DTLS or QUIC-like. 2. Firefox Private Network (https://fpn.firefox.com/) has an H2-based secure proxy mode, and running it over QUIC would have some obvious advantages. However, when I read this charter, that simple application is sort of buried under a bunch of other stuff that seems more appropriate for some other use cases, such as performance-enhancing proxies. proxy caches, etc. While I appreciate that something like tunnel (as in FPN/Tor) and PEPs are both technically proxies, they're fundamentally dissimilar even though they occupy the same position in the data stream (though not the same position in the network, given that PEPs are typically on-path between endpoints whereas tunnel-type systems typically are not). It's not necessarily bad to charter work that handles multiple use cases, but in this case, I think that it would be a severe distraction because the requirements are totally different. In the tunnel-type case, the point of the proxy is to a great extent to protect client-server connection from interference by the local network (as well as to conceal the client/server IP addresses). However, in the PEP style case, the purpose appears to be to reestablish the control that these network-level devices had prior to the advent of QUIC's end-to-end encryption. This is readily apparent from the text in this proposed charter that says: As use-cases for deploying MASQUE have different security or performance requirements, the working group may define multiple MASQUE services for proxying to suit these disparate use-cases. This actually seems like an understatement. IMO, we should simply strike all these use cases and focus on a simple tunnel protocol, which seems comparatively straightforward. Such a protocol should be designed to be extensible. In parallel, those who are interested in designing protocols to re-establish access by network intermediaries can work on those separately, and, if there is sufficient implementor interest we can then discuss whether those use cases should be served by Masque extensions or by some other protocol. -Ekr
- [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Lars Eggert
- Re: [Masque] Proposed draft charter Paul Vixie
- Re: [Masque] Proposed draft charter Magnus Westerlund
- Re: [Masque] Proposed draft charter Lucas Pardue
- Re: [Masque] Proposed draft charter Derek Fawcus
- Re: [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Lars Eggert
- Re: [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Marcus Ihlar
- Re: [Masque] Proposed draft charter Magnus Westerlund
- Re: [Masque] Proposed draft charter Lars Eggert
- Re: [Masque] Proposed draft charter Marcus Ihlar
- Re: [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Paul Vixie
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter Eric Kinnear
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter David Schinazi
- Re: [Masque] Proposed draft charter Mirja Kuehlewind
- Re: [Masque] Proposed draft charter Eric Kinnear
- Re: [Masque] Proposed draft charter Spencer Dawkins at IETF
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter Spencer Dawkins at IETF
- Re: [Masque] Proposed draft charter Christian Huitema
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter Spencer Dawkins at IETF
- Re: [Masque] Proposed draft charter Spencer Dawkins at IETF
- Re: [Masque] Proposed draft charter Eric Rescorla
- Re: [Masque] Proposed draft charter Spencer Dawkins at IETF